Your message dated Thu, 29 May 2014 18:00:06 +0000 with message-id <e1wq4cy-0002n2...@franck.debian.org> and subject line Bug#748913: fixed in miniupnpc 1.9.20140401-1 has caused the Debian Bug report #748913, regarding miniupnpc: Buffer overread in miniwget to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 748913: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748913 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: miniupnpc Severity: grave Tags: security Justification: user security hole A CVE assignment is pending. The fix is here: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: miniupnpc Source-Version: 1.9.20140401-1 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 748...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 May 2014 07:10:52 +0000 Source: miniupnpc Binary: miniupnpc libminiupnpc10 libminiupnpc-dev python-miniupnpc Architecture: source amd64 Version: 1.9.20140401-1 Distribution: experimental Urgency: medium Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Thomas Goirand <z...@debian.org> Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc10 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client python-miniupnpc - UPnP IGD client lightweight library Python bindings Closes: 680214 698705 748913 Changes: miniupnpc (1.9.20140401-1) experimental; urgency=medium . * New upstream release (Closes: #748913, #698705) * Uploading to experimental because of the needed transition. * Enabled hardening build flags (Closes: #680214). * Removed 000-Setup.py_CFLAGS_override.patch now applied upstream. * Refreshed fix-ftbfs-on-hurd.patch. * Upstream bumped SONAME, so now packaging libminiupnpc10 instead of 8. * Switched to upstream branch tags git packaging. Note that upstream Git cannot be used directly, as it contains all projects of miniupnp in a single repository. * Removed patch applied upstream: debian/patches/fix-ftbfs-on-hurd.patch. * Bumped Standards-Version. Checksums-Sha1: 2723c42d316d349bab8d79732e792f4646c2eb54 2097 miniupnpc_1.9.20140401-1.dsc f9bda6fc5b9f01184acdeb3c77bc557218329a6a 59432 miniupnpc_1.9.20140401.orig.tar.xz 6bce71cfb68fee999c31cd71c4e1bd906b0b850c 5088 miniupnpc_1.9.20140401-1.debian.tar.xz 2e7cadce20f0e0743e7f85940843e9930f460316 19712 miniupnpc_1.9.20140401-1_amd64.deb e01377a5aa67ad96a890b9da169053b032a5a067 28138 libminiupnpc10_1.9.20140401-1_amd64.deb e2b5b8cb5af22ca05e2bd8f23ca3787c211763d5 34208 libminiupnpc-dev_1.9.20140401-1_amd64.deb 23ac11a0b9b6f975b31104e95fa637cb98602d07 30506 python-miniupnpc_1.9.20140401-1_amd64.deb Checksums-Sha256: 83c52728e0209c25de38e66052a576960688a894e8d52699fdee4025a5afd2c2 2097 miniupnpc_1.9.20140401-1.dsc 0c8c40109f2cca6fa51820ea4bc000da06ecf4754a27874c52a7e89f211ba7bf 59432 miniupnpc_1.9.20140401.orig.tar.xz d72d6c910e31e43d8fb58e33fadd028d8966c88a9cab81552ba923b7aa99e70d 5088 miniupnpc_1.9.20140401-1.debian.tar.xz b7584576c9690134899d65d0a39e723fa72b3d39ab026c0697913a59e8bd5971 19712 miniupnpc_1.9.20140401-1_amd64.deb 69225a6742541a1e0e14fcc186ffa72f8998c0c12b94e8a4ef63df46cbf66fa5 28138 libminiupnpc10_1.9.20140401-1_amd64.deb 63bc4df14a470b43246be052d2356edecf9acd90d7ac6722d30b9b132220094f 34208 libminiupnpc-dev_1.9.20140401-1_amd64.deb 3e758c20dd653c63d74aa94cd91b30afeba97b8a5b6011f606b8168038374e97 30506 python-miniupnpc_1.9.20140401-1_amd64.deb Files: 8a837fa96c8804e455522ca360a4616f 19712 net optional miniupnpc_1.9.20140401-1_amd64.deb ae9ae62dca94444e4e47c46d024ec993 28138 net optional libminiupnpc10_1.9.20140401-1_amd64.deb 3563cc1dcf6220f4944b7bbbd8f3bf00 34208 libdevel optional libminiupnpc-dev_1.9.20140401-1_amd64.deb 9aa47d38c04d8f764125505ecd951922 30506 python optional python-miniupnpc_1.9.20140401-1_amd64.deb 2b9c85fa712811ca3e766e7d4c82b922 2097 net optional miniupnpc_1.9.20140401-1.dsc b11658f7f842fd188681643646cf59f6 59432 net optional miniupnpc_1.9.20140401.orig.tar.xz 2130d6fe63d19eda067835ad65511145 5088 net optional miniupnpc_1.9.20140401-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJThg6QAAoJENQWrRWsa0P+wgUQAJxaVvQV+eD2tgCIlORmeV+d WhrmIveI40yNLKT1BICr68OmqO7MwALo+mH2kwlmv9oYyXawyTfgpekhZsiAt6dS dzwqzoxCpFeUr03s1f4atZZlIsVqrLFEu7TWE//V54xzyujC9UcSNsAjx8/3Q5s5 AZisjCP1Fi4Cf7r73MnoHOVKGLP+IKjFy+00eHHnzX3qBG7VX2ajPXUsB/WtX/3j AiiGwJ/rWq8Y5dhmxJwCwojAifeffLfTWP++Hi+Thyy6mj6bupAtf96iGAzg63xd 7QhtttC5i/SxQ1VOACChX1Pqa2fsgJyWZVyVgQHusFof14YgWdaMpu/xgB+i7Lyy QEvyPEZ8WQrLvdBaL345h4+C58NbSsKuc+Dzpcm93p2B5hq5YocppiZZ7qIfIrO7 jO+tLXlJsjC/0px2kifCeMRq/33N0ATWijoZpESDbyTYuIAw2wpKEia2vnJh0axT DKOA7F/kXR044hOYXSK2hFz63J2JNcq72DxKsI5Pg098xH241NB6SD3gA0FdUUV5 mp66cBB1hcNdcB1E3W80YOrbQbXC1C5u4CUz+r3Wch+rJksSQXKCnOVVNN1o2SFh KF4l/Kavhf7xEDOBtgNsSEKedbmfHHQU1mj1lyiuCa1Wk2cSUjxys75Lxs0cTBS7 fAgt78NjPa1LKh/T0aqH =cLn1 -----END PGP SIGNATURE-----
--- End Message ---
