Bug#669024: marked as done (CVE-2012-2090 / CVE-2012-2091)

[Debian Bug Tracking System]

Your message dated Sun, 08 Sep 2013 13:05:41 +0000
with message-id <e1viegp-0000ug...@franck.debian.org>
and subject line Bug#669024: fixed in simgear 2.10.0-3
has caused the Debian Bug report #669024,
regarding CVE-2012-2090 / CVE-2012-2091
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
669024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669024
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: simgear
Severity: important
Tags: security

CVE-2012-2090:
http://sourceforge.net/mailarchive/message.php?msg_id=28957051

CVE-2012-2091:
http://sourceforge.net/mailarchive/message.php?msg_id=29011989

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: simgear
Source-Version: 2.10.0-3

We believe that the bug you reported is fixed in the latest version of
simgear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 669...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Wanner <mar...@bluegap.ch> (supplier of updated simgear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Sep 2013 10:25:53 +0200
Source: simgear
Binary: libsimgearcore2.10.0 libsimgearcore2.10.0-dbg libsimgearscene2.10.0 
libsimgearscene2.10.0-dbg libsimgear-dev simgear-dev
Architecture: source amd64 all
Version: 2.10.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian FlightGear Crew <pkg-fgfs-c...@lists.alioth.debian.org>
Changed-By: Markus Wanner <mar...@bluegap.ch>
Description: 
 libsimgear-dev - Simulator Construction Gear -- development files
 libsimgearcore2.10.0 - Simulator Construction Gear -- core library
 libsimgearcore2.10.0-dbg - debugging symbols for libsimgearcore
 libsimgearscene2.10.0 - Simulator Construction Gear -- scene library
 libsimgearscene2.10.0-dbg - debugging symbols for libsimgearscene
 simgear-dev - transitional dummy package
Closes: 669024
Changes: 
 simgear (2.10.0-3) unstable; urgency=low
 .
   * Correct an off-by-one bug in patch CVE-2012-2091.diff.
 .
 simgear (2.10.0-2) unstable; urgency=low
 .
   [ Scott Kitterman ]
   * Fix for CVE-2012-2091: add checks against buffer overruns in
     sg_socket_udp.cxx when reading from UDP sockets.
 .
   [ Markus Wanner ]
   * Fix for CVE-2012-2090: prevent %n being passed to format
     strings. Together with the above fix, this closes: #669024.
   * Update copyright file. Now in DEP-5 style.
Checksums-Sha1: 
 243dcd2bed0db2fdc20c21670cc7e6e666995880 3302 simgear_2.10.0-3.dsc
 78da3565af3b3e9d3cf38de3230cbc81ee211217 12033 simgear_2.10.0-3.debian.tar.gz
 5782aacbe3723904b5fe4b06aaf160521d35c099 467146 
libsimgearcore2.10.0_2.10.0-3_amd64.deb
 e4af224ff4abe85ccc6b36e562bb4ab272422880 2013702 
libsimgearcore2.10.0-dbg_2.10.0-3_amd64.deb
 e0905a71b6d20870a88c60f9712adf6907e1a211 796410 
libsimgearscene2.10.0_2.10.0-3_amd64.deb
 b8f90f20537e13484512d18196be61c1844678a7 12994674 
libsimgearscene2.10.0-dbg_2.10.0-3_amd64.deb
 6511277ed8e1d9336e2e3768868d8fbab3f695d3 315548 
libsimgear-dev_2.10.0-3_amd64.deb
 1035cb8144780ed4878b44bb23db92ba489013e3 123728 simgear-dev_2.10.0-3_all.deb
Checksums-Sha256: 
 8b29444aea1917f70547db05388b4390bf1481847d87c3dddf88e6905c54927f 3302 
simgear_2.10.0-3.dsc
 26132bf364398afd29912f6c507aadab76dcc07fa77d13c58db543ea346f19bd 12033 
simgear_2.10.0-3.debian.tar.gz
 85500ceab554de9639faf90b9a4ee2d1a29dc77823596f04c54409a6c06952cd 467146 
libsimgearcore2.10.0_2.10.0-3_amd64.deb
 c86bc040c8a1e9a1a46ca110213f06a65cb4809bf4cb690fea01ceeb734a11f0 2013702 
libsimgearcore2.10.0-dbg_2.10.0-3_amd64.deb
 515dfe4c7f3c09efb1bc9715f07d3ef25cfd4086131c3d5955d7ee54037a6213 796410 
libsimgearscene2.10.0_2.10.0-3_amd64.deb
 f0f6625b5924700b0ea64e59c6dbab0af1a2d512e813507a820400e0b2361b46 12994674 
libsimgearscene2.10.0-dbg_2.10.0-3_amd64.deb
 0089141c39397ed0d2bd22fea5a3d03c782e1deb8a6b9e66e4829902720b0029 315548 
libsimgear-dev_2.10.0-3_amd64.deb
 b893b043644d1ac9baccfcab7ca4a06cba013a2cc8d813c14771c5b33cfbf24d 123728 
simgear-dev_2.10.0-3_all.deb
Files: 
 757548a8f724575b1d1fa1b2b37d3c9a 3302 libs extra simgear_2.10.0-3.dsc
 9887f7bb99830bc3f6ff8b0b6e0b6b2d 12033 libs extra 
simgear_2.10.0-3.debian.tar.gz
 77bab6393367144bf23666d776ce0fcc 467146 libs extra 
libsimgearcore2.10.0_2.10.0-3_amd64.deb
 f6e659b7ca866b95e2512996cef19fa6 2013702 debug extra 
libsimgearcore2.10.0-dbg_2.10.0-3_amd64.deb
 b9b47a8eb1ed5d9c2e8fda6d157b46c9 796410 libs extra 
libsimgearscene2.10.0_2.10.0-3_amd64.deb
 a4b07d2e65becb698387dcded797cb45 12994674 debug extra 
libsimgearscene2.10.0-dbg_2.10.0-3_amd64.deb
 843ce255636438a2fd1ba0f96e521929 315548 libdevel extra 
libsimgear-dev_2.10.0-3_amd64.deb
 a405aad2811e0bf96ee7846673b5f984 123728 oldlibs extra 
simgear-dev_2.10.0-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQQcBAEBCgAGBQJSLGJzAAoJEOhoLRs/MemzFtMgAMh80uz3cH16BXbiRZmth8+6
wwcSZEY1EXvcq7aCClgyphCQpndxo4+zOJJuTevUY8Op7Lw64A6wXdFzIlQZkfAT
xHMQG2Ss5tZ4xiW9+mcUOS5MRPBuYn66ooVqdVoa70+lkNLc67QkL9GU8ckXHaQj
qpm2gyWgJAK1p/Y0R4qdCpo9X1bBO9XLhOSFMgl0phKkLxAreEgxyrvr46MAoVTM
I9eAEVHoN6SDyi+of3Mt/cA/sTG9D1vnKbtAAc7MgClIqNehSeZiBm8bOA44KvUx
hRQOf3GFW2Aff32/dsQDgXHhEI/jRauRR6gknRGfMl6fy2DPu/Ej00qrAnuwewIM
DUnBv3txNgis5BVw4KsuwGq4abtn49QKGbVnS4IJYZBo9HH+T7LkBM1Wt0PBGTEI
vTN+QsjhfhzV1UYPwaV7NoUn10upvjyhMuCVYiVc0w/i99f/9d0/Lv7HUelDcesp
eme3VE2aC7nvxTt8+vUhAieFVZeszRRMq13BTMKZxwKaXkFfXxVoPXY2fKAu0QjA
VDZ9creVxK0mOSVX1JuW2oYrHekECehEwPuLf7RaHbJAjfgr+zndFcYs37ZJ0y/W
a0sRxhlooqtxkLCn9HZ2Jm0uUUpZRMNE+Q/OWkL2gXfB5Mcx5wTuwYvm70xQUZbM
pd5p89YQJ3r5mzfgf2lNIVC8ycYT3C6iuOI0dmUH5mEgivYkE2w864kC4DENhIgt
2LcFAaOSLj62lSGb0IBpffQmPegykTR41+MwSZLf51D8sLxV4RKkhougoY1yyBhn
12G76oGTr2ohDi5k337HqzXupFPzXb08g+PYHSvUcBvlV3uoKjYVho+OFXcGc5ak
6lZwgg0gKqRnVCymMtfSL9pwsSw5oGmX4emoLWwV3kO2z78MWqwdJ/FP6BgPIJnb
LzNabEJ3osPtsaMI6KUbSDEneH/sYH62udKlzbOlYMFrMPr15UzwBvDcdv36gMWE
9vQJQT940QKvlDEqhxYWzwRyAZC6Y1yQYpo3QQNMh/3AAvonDe6A7hmrzn9hDmMY
3ks7tzeDRZ4pWNQ4Ne2qPxqE2gS7LgOgldQl7GyoRrNAFJPfF5m6Rz8RXUINIQC+
wMATFFn8PM9Kf773wT840i31m1xVLqEii71KtPOPI/rGaz7y5dGNETfMIDxn+0Tt
OgCgaX6RKsG93pSV9n48iZiDnlC9feRuUvVLFQ8UDBIoE0t9Wjg7e4qECHKWcolh
+3BilWcDYRUsXEJbnxYpmsv+HFykuTu8yhQOuAo8HFHdwKXryLFtRjuKevZk1MpN
yz4XaYF7+/7yUZ/sEYgD49Q2gUIo6+xpNGEt8WLb8lB7v2qMXXndIdO1AaP4+1A=
=Wu+W
-----END PGP SIGNATURE-----

--- End Message ---