Your message dated Mon, 06 Jan 2014 21:47:06 +0000
with message-id <e1w0i0o-0007br...@franck.debian.org>
and subject line Bug#731933: fixed in libmicrohttpd 0.9.20-1+deb7u1
has caused the Debian Bug report #731933,
regarding libmicrohttpd: CVE-2013-7038 CVE-2013-7039
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
731933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmicrohttpd
Severity: grave
Tags: security
Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7038
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7039
This doesn't warrant a DSA, but can still be fixed in a point
update if needed:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libmicrohttpd
Source-Version: 0.9.20-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
libmicrohttpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 731...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bertrand Marc <beberk...@gmail.com> (supplier of updated libmicrohttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Dec 2013 15:41:39 +0100
Source: libmicrohttpd
Binary: libmicrohttpd10 libmicrohttpd-dbg libmicrohttpd-dev
Architecture: source i386
Version: 0.9.20-1+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Bertrand Marc <beberk...@gmail.com>
Changed-By: Bertrand Marc <beberk...@gmail.com>
Description:
 libmicrohttpd-dbg - library embedding HTTP server functionality (debug)
 libmicrohttpd-dev - library embedding HTTP server functionality (development)
 libmicrohttpd10 - library embedding HTTP server functionality
Closes: 731933
Changes:
 libmicrohttpd (0.9.20-1+deb7u1) wheezy; urgency=medium
 .
   * Fix various security issues (closes: #731933):
     + out-of-bounds read in MHD_http_unescape(), patch picked upstream,
       CVE-2013-7038.
     + stack overflow in MHD_digest_auth_check(), patch picked upstream,
       CVE-2013-7039.
     + handle case that original allocation request was zero and fix theoretical
       overflow issue reported by Florian Weimer, patch picked upstream.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---