Your message dated Wed, 20 Feb 2013 22:49:01 +0100
with message-id <512544cd.1010...@thykier.net>
and subject line Re: Bug#700956: RM: djmount/0.71-5
has caused the Debian Bug report #699561,
regarding djmount: multiple vulnerabilities in libupnp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699561: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699561
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: djmount
Severity: grave
Tags: security
Justification: user security hole

libupnp has multiple vulnerabilities in the unique_service_name() function.
djmount embeds libupnp (which is a bad thing per se, another bug is
coming).

As djmount is a “client” application I'm not sure it's really vulnerable
to this, so please investigate and adjust the severity if needed.

Regards,
-- 
Yves-Alexis


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
On 2013-02-20 19:20, Dario Minnucci wrote:
> 
> Hi Niels,
> 
> On 02/20/2013 06:03 PM, Niels Thykier wrote:
>> On 2013-02-20 15:03, Dario Minnucci wrote:
>>> [...]
>>>
>>> djmount is always built using the --with-external-libupnp and
>>> --with-external-talloc arguments to ensure it
>>> is using libs provided by the libtalloc-dev and libupnp-dev Debian packages.
>>>
>>> Regards.
>>>
>>> [...]
>>>
>>
>> [...]
> 
> 
> Oops, I wasn't aware of #699561.
> 
> I'll update and downgrade it in a minute.
> 
> Sorry and thanks for the pointer.
> 
> Regards,
> 

Thanks for following up to #699561, I have taken the liberty of closing
it[1] along with this request so both will be removed from our TODO list.

~Niels

[1] Due to Yves-Alexis Perez's suggestion to do so and because it is
currently still of RC severity.

--- End Message ---
