Your message dated Wed, 07 Jan 2015 12:49:01 +0000
with message-id <e1y8q2n-000834...@franck.debian.org>
and subject line Bug#774645: fixed in libevent 2.0.21-stable-2
has caused the Debian Bug report #774645,
regarding libevent: CVE-2014-6272: potential heap overflow in 
buffer/bufferevent APIs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
774645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libevent
Version: 1.4.13-stable-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libevent.

CVE-2014-6272[0]:
potential heap overflow in buffer/bufferevent APIs

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream patches are found in [1], [2] and [3].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6272
[1] http://archives.seul.org/libevent/users/Jan-2015/msg00011.html
    https://github.com/libevent/libevent/commit/841ecbd96105c84ac2e7c9594aeadbcc6fb38bc4 (2.1)
[2] http://archives.seul.org/libevent/users/Jan-2015/msg00012.html
    https://github.com/libevent/libevent/commit/20d6d4458bee5d88bda1511c225c25b2d3198d6c (2.0)
[3] http://archives.seul.org/libevent/users/Jan-2015/msg00013.html
    https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf (1.4)

(FYI, I have already prepared an update for wheezy-security with the
upstream patch).

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libevent
Source-Version: 2.0.21-stable-2

We believe that the bug you reported is fixed in the latest version of
libevent, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 774...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated libevent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Jan 2015 11:33:15 +0000
Source: libevent
Binary: libevent-dev libevent-dbg libevent-2.0-5 libevent-core-2.0-5 
libevent-extra-2.0-5 libevent-pthreads-2.0-5 libevent-openssl-2.0-5
Architecture: source mips
Version: 2.0.21-stable-2
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
 libevent-2.0-5 - Asynchronous event notification library
 libevent-core-2.0-5 - Asynchronous event notification library (core)
 libevent-dbg - Asynchronous event notification library (debug symbols)
 libevent-dev - Asynchronous event notification library (development files)
 libevent-extra-2.0-5 - Asynchronous event notification library (extra)
 libevent-openssl-2.0-5 - Asynchronous event notification library (openssl)
 libevent-pthreads-2.0-5 - Asynchronous event notification library (pthreads)
Closes: 774645
Changes:
 libevent (2.0.21-stable-2) unstable; urgency=high
 .
   * Fix CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs.
     Add upstream patch: 20d6d445.patch.
     Closes: #774645.
   * Don't use deprecated compression for data tarball.
     Use default compression for data tarball.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
