Your message dated Sun, 03 Feb 2013 23:02:05 +0000
with message-id <e1u28zz-0006k3...@franck.debian.org>
and subject line Bug#699459: fixed in libupnp4 1.8.0~svn20100507-1+squeeze1
has caused the Debian Bug report #699459,
regarding libupnp4: Multiple stack buffer overflow vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699459: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699459
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libupnp4
Severity: grave
Tags: security


More information is available at bug #699316 (including a patch).
According to bug #699351, these security problems are also found in
libupnp4.

Here's the original posting by Salvatore Bonaccorso <car...@debian.org>


Hi,

the following vulnerabilities were published for libupnp.

CVE-2012-5958[0]: Stack buffer overflow of Tempbuf
CVE-2012-5959[1]: Stack buffer overflow of Event->UDN
CVE-2012-5960[2]: Stack buffer overflow of Event->UDN
CVE-2012-5961[3]: Stack buffer overflow of Evt->UDN
CVE-2012-5962[4]: Stack buffer overflow of Evt->DeviceType
CVE-2012-5963[5]: Stack buffer overflow of Event->UDN
CVE-2012-5964[6]: Stack buffer overflow of Event->DeviceType
CVE-2012-5965[7]: Stack buffer overflow of Event->DeviceType

Upstream changelog for 1.6.18 states:

*******************************************************************************
Version 1.6.18
*******************************************************************************

2012-12-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

        Security fix for CERT issue VU#922681

        This patch addresses three possible buffer overflows in function
        unique_service_name(). The three issues have the following CVE numbers:

        CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
        CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
        CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

        Notice that the following issues have already been dealt by previous
        work:

        CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
        CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
        CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
        CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
        CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
    http://security-tracker.debian.org/tracker/CVE-2012-5958
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
    http://security-tracker.debian.org/tracker/CVE-2012-5959
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
    http://security-tracker.debian.org/tracker/CVE-2012-5960
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
    http://security-tracker.debian.org/tracker/CVE-2012-5961
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
    http://security-tracker.debian.org/tracker/CVE-2012-5962
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
    http://security-tracker.debian.org/tracker/CVE-2012-5963
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
    http://security-tracker.debian.org/tracker/CVE-2012-5964
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
    http://security-tracker.debian.org/tracker/CVE-2012-5965

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
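The CVE list above describes stack buffer overflows of Tempbuf, Event->UDN and Event->DeviceType inside unique_service_name(), the libupnp routine that splits an SSDP USN header value (uuid:<UDN>::urn:<device type>) into its UDN and device-type parts; each overflow is a substring of attacker-supplied length copied into a fixed-size stack buffer without checking that it fits. The following is an added illustration of that missing check, not code from libupnp or from the Debian patch: the USN layout follows the UPnP spec, while the buffer sizes, the function names (copy_field, parse_usn, check_usn, oversized_udn_rejected, oversized_dtype_rejected) and the sample USNs are assumptions constructed for the demo.

```c
/* Added example: bounds-checked parsing of an SSDP USN value into fixed-size
 * stack buffers. Constructed illustration code, not libupnp's
 * unique_service_name(); buffer sizes and names are assumptions. */
#include <stdio.h>
#include <string.h>

#define UDN_MAX   64   /* assumed size of the stack buffer holding the UDN */
#define DTYPE_MAX 96   /* assumed size of the stack buffer for the device type */

/* Copy [src, src+len) into dst[dst_sz] and NUL-terminate it.
 * Returns 0 on success, -1 if the field would not fit. The length test is
 * exactly what an unchecked strncpy(dst, src, len) with attacker-controlled
 * len lacks: there, a long USN field runs past the end of dst. */
static int copy_field(char *dst, size_t dst_sz, const char *src, size_t len)
{
    if (len >= dst_sz)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "uuid:<UDN>::<device-type>" (or a bare "uuid:<UDN>") into the
 * caller's buffers. Returns 0 on success, -1 on malformed or oversized input. */
int parse_usn(const char *usn, char *udn, size_t udn_sz,
              char *dtype, size_t dtype_sz)
{
    const char *p, *sep;

    if (usn == NULL || strncmp(usn, "uuid:", 5) != 0)
        return -1;
    p = usn + 5;
    sep = strstr(p, "::");
    if (sep == NULL) {
        /* USN carrying only the UDN; the device type is empty. */
        if (copy_field(udn, udn_sz, p, strlen(p)) != 0)
            return -1;
        dtype[0] = '\0';
        return 0;
    }
    if (copy_field(udn, udn_sz, p, (size_t)(sep - p)) != 0)
        return -1;
    return copy_field(dtype, dtype_sz, sep + 2, strlen(sep + 2));
}

/* Parse into fixed-size stack buffers the way a notify handler would;
 * 0 means the USN was accepted, -1 that it was rejected before any copy
 * could overrun the buffers. */
int check_usn(const char *usn)
{
    char udn[UDN_MAX];
    char dtype[DTYPE_MAX];

    return parse_usn(usn, udn, sizeof udn, dtype, sizeof dtype);
}

/* Constructed input: a USN whose UDN is far longer than UDN_MAX.
 * Returns 1 if the parser rejects it. */
int oversized_udn_rejected(void)
{
    char bad[512];

    memset(bad, 'A', sizeof bad);
    memcpy(bad, "uuid:", 5);
    bad[sizeof bad - 1] = '\0';
    return check_usn(bad) != 0;
}

/* Constructed input: a normal UDN followed by a device type longer than
 * DTYPE_MAX. Returns 1 if the parser rejects it. */
int oversized_dtype_rejected(void)
{
    char bad[512];

    memset(bad, 'B', sizeof bad);
    memcpy(bad, "uuid:abc::", 10);
    bad[sizeof bad - 1] = '\0';
    return check_usn(bad) != 0;
}

int main(void)
{
    /* Constructed, well-formed USN as a MediaServer device would advertise. */
    const char *ok = "uuid:2fac1234-31f8-11b4-a222-08002b34c003::"
                     "urn:schemas-upnp-org:device:MediaServer:1";

    printf("well-formed USN:        %s\n", check_usn(ok) == 0 ? "accepted" : "rejected");
    printf("oversized UDN:          %s\n", oversized_udn_rejected() ? "rejected" : "accepted");
    printf("oversized device type:  %s\n", oversized_dtype_rejected() ? "rejected" : "accepted");
    return 0;
}
```

The point of the example is the single comparison in copy_field: every field length derived from the incoming header is compared against the destination buffer size before the copy, and the whole USN is dropped when a field does not fit. Run it under AddressSanitizer (-fsanitize=address) and the oversized inputs stay clean; remove the length check and the same inputs trigger a stack-buffer-overflow report.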
--- Begin Message ---
Source: libupnp4
Source-Version: 1.8.0~svn20100507-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libupnp4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated libupnp4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Feb 2013 21:55:51 +0100
Source: libupnp4
Binary: libupnp4 libupnp4-dev libupnp4-dbg libupnp4-doc
Architecture: source amd64 all
Version: 1.8.0~svn20100507-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Nick Leverton <n...@leverton.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description: 
 libupnp4   - Portable SDK for UPnP Devices, version 1.8 (shared libraries)
 libupnp4-dbg - debugging symbols for libupnp4
 libupnp4-dev - Portable SDK for UPnP Devices, version 1.8 (development files)
 libupnp4-doc - Documentation for the Portable SDK for UPnP Devices, version 1.8
Closes: 699459
Changes: 
 libupnp4 (1.8.0~svn20100507-1+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
     various stack-based buffer overflows in service_unique_name() function.
     This fixes CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
     CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699459
Checksums-Sha1:
 c9d636a8dd417e354c6132bb4bde63ab99401c94 1557 libupnp4_1.8.0~svn20100507-1+squeeze1.dsc
 3391bf13f2947a87fcc2995d473d77317b909679 1387405 libupnp4_1.8.0~svn20100507.orig.tar.gz
 f4f406717d702f7a843bd180fd93ad7c9b37311d 28270 libupnp4_1.8.0~svn20100507-1+squeeze1.diff.gz
 d70849aec43942d2fd6a2c1c81f61b8bab6c3c7f 167212 libupnp4_1.8.0~svn20100507-1+squeeze1_amd64.deb
 7e3f9e3482bfc9e9bb683b71573960f29e3b6f52 242890 libupnp4-dev_1.8.0~svn20100507-1+squeeze1_amd64.deb
 1c93d50fbcc5be5fb919f795a795e263b0c0c912 196762 libupnp4-dbg_1.8.0~svn20100507-1+squeeze1_amd64.deb
 1d94996708be8682a16225fba77ba1ab5079d87c 12388496 libupnp4-doc_1.8.0~svn20100507-1+squeeze1_all.deb
Checksums-Sha256:
 c00d826afdcb2c5f7b6900af80a70f22827a190463da185395328a8372d6c3cb 1557 libupnp4_1.8.0~svn20100507-1+squeeze1.dsc
 02a27bb68c5e6b30fec9a0eb69d73b3c667637c7156f7aa641cdbc244ed156ab 1387405 libupnp4_1.8.0~svn20100507.orig.tar.gz
 deb61fe6df39fd91c123f72e8673d04e5f25d3f2495a58b3d48e32aa9d83f654 28270 libupnp4_1.8.0~svn20100507-1+squeeze1.diff.gz
 9e5d9eb9f42f81fe2b57f319db39abd8996ede1b81c2a130940ed8e823720a21 167212 libupnp4_1.8.0~svn20100507-1+squeeze1_amd64.deb
 e14a3b3757af7634a527320ab7f8ceed312572ed5805de98399ce2f88cbca04d 242890 libupnp4-dev_1.8.0~svn20100507-1+squeeze1_amd64.deb
 09cc44a46e64c71e803af41180c2ee709d320e05e58021dc57b90fe9e332382c 196762 libupnp4-dbg_1.8.0~svn20100507-1+squeeze1_amd64.deb
 ba481891e4364934b6664ca5bc738bfa8a0c7781c5de59e873cce2b4b9cdb8e5 12388496 libupnp4-doc_1.8.0~svn20100507-1+squeeze1_all.deb
Files:
 3112aa993d3d4c16a3961c12773b65e8 1557 net extra libupnp4_1.8.0~svn20100507-1+squeeze1.dsc
 ff32bd8d39668a0ffe659274c0273f45 1387405 net extra libupnp4_1.8.0~svn20100507.orig.tar.gz
 706e1fbb87e9aae9e857fed54acaaed8 28270 net extra libupnp4_1.8.0~svn20100507-1+squeeze1.diff.gz
 f4b2018918fafc304cfe177c8adff33e 167212 libs extra libupnp4_1.8.0~svn20100507-1+squeeze1_amd64.deb
 2c970458862b17f941a26aaec379090f 242890 libdevel extra libupnp4-dev_1.8.0~svn20100507-1+squeeze1_amd64.deb
 cc2d4ad0244df8613ea7a03702d21686 196762 debug extra libupnp4-dbg_1.8.0~svn20100507-1+squeeze1_amd64.deb
 124c30a27ee2f9332beee02a89e24835 12388496 doc extra libupnp4-doc_1.8.0~svn20100507-1+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJRDC0qAAoJEG3bU/KmdcClmFMIAJV3289Js4F1tGZkzv8RVyvO
5Gt8Mw93M/qeuoqvneg8JfkUEz5ZowpDVwSCiDuzQ/bOUuY8rgjuusUJzqZJRBAC
N2GMUhRXOc8ig0ak2StI+eJAcBTrzP30m2mazhQvWlgg/cn+eir5TMlEjUoDHbqM
0sFLnslJk26FZJS9DsmdcK7Jb2wgSccZnJuCW/LIuEmB8VeamoRP5CabF9e1TcY1
sOG5jpnxhk2LQJBsHE/CStB993KI2uj+FpvPvawnR8FUiCg//BxlWUhPwXhoJ4g/
Wqhrzuy7VSMZuzCb3w2Z1Si+2ZARfvWDCL9DRt7jEoIx041GmHuqk/fyvExvTQY=
=DnUO
-----END PGP SIGNATURE-----

--- End Message ---
