Your message dated Wed, 28 Aug 2013 00:19:09 +0000
with message-id <e1vettz-0006so...@franck.debian.org>
and subject line Bug#720287: fixed in nas 1.9.3-6
has caused the Debian Bug report #720287,
regarding nas: CVE-2013-4256 CVE-2013-4257 CVE-2013-4258
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
720287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nas
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerabilities were published for nas (originally
reported by Hamid Zamani):

CVE-2013-4256[0]:
Buffer Overflows

CVE-2013-4257[1]:
Heap Overflow

CVE-2013-4258[2]:
Format string

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Patches are also available, see [3] and [4].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4256
    http://security-tracker.debian.org/tracker/CVE-2013-4256
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4257
    http://security-tracker.debian.org/tracker/CVE-2013-4257
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4258
    http://security-tracker.debian.org/tracker/CVE-2013-4258
[3] http://radscan.com/pipermail/nas/2013-August/001270.html
[4] http://marc.info/?l=oss-security&m=137694353908055&w=2

Please adjust the affected versions in the BTS as needed, 1.9.3 was
confirmed by the reporter, but might also be present in 1.9.2.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nas
Source-Version: 1.9.3-6

We believe that the bug you reported is fixed in the latest version of
nas, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93...@debian.org> (supplier of updated nas package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 23 Aug 2013 00:35:04 +0100
Source: nas
Binary: libaudio2 nas libaudio-dev nas-bin nas-doc
Architecture: source all amd64
Version: 1.9.3-6
Distribution: unstable
Urgency: high
Maintainer: Steve McIntyre <93...@debian.org>
Changed-By: Steve McIntyre <93...@debian.org>
Description:
 libaudio-dev - Network Audio System - development files
 libaudio2  - Network Audio System - shared libraries
 nas        - Network Audio System - local server
 nas-bin    - Network Audio System - client binaries
 nas-doc    - Network Audio System - extra documentation
Closes: 720287
Changes:
 nas (1.9.3-6) unstable; urgency=high
 .
   * Fixes for various long-standing security issues found by Hamid
     Zamani <m...@hamidx9.ir>. Closes: #720287
     + Validate the port offset of nasd to fix a potential buffer overflow
       (CVE-2013-4256)
     + Use better string functions to guard against heap overflows
       (CVE-2013-4257)
     + Sanity-check the TCP_DEVICE environment variable to remove a format
       string bug (CVE-2013-4258)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---