Your message dated Mon, 26 Jan 2015 10:33:25 +0000
with message-id <e1yfgyz-0004st...@franck.debian.org>
and subject line Bug#774645: fixed in libevent 1.4.13-stable-1+deb6u1
has caused the Debian Bug report #774645,
regarding libevent: CVE-2014-6272: potential heap overflow in
buffer/bufferevent APIs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
774645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libevent
Version: 1.4.13-stable-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libevent.
CVE-2014-6272[0]:
potential heap overflow in buffer/bufferevent APIs
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Upstream patches are found in [1], [2] and [3].
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-6272
[1] http://archives.seul.org/libevent/users/Jan-2015/msg00011.html
    https://github.com/libevent/libevent/commit/841ecbd96105c84ac2e7c9594aeadbcc6fb38bc4 (2.1)
[2] http://archives.seul.org/libevent/users/Jan-2015/msg00012.html
    https://github.com/libevent/libevent/commit/20d6d4458bee5d88bda1511c225c25b2d3198d6c (2.0)
[3] http://archives.seul.org/libevent/users/Jan-2015/msg00013.html
    https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf (1.4)
(FYI, I have already prepared an update for wheezy-security with the
upstream patch).
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libevent
Source-Version: 1.4.13-stable-1+deb6u1
We believe that the bug you reported is fixed in the latest version of
libevent, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 774...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nguyen Cong <cong.nguyen...@toshiba-tsdv.com> (supplier of updated libevent
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Jan 2015 16:00:14 +0700
Source: libevent
Binary: libevent-dev libevent-1.4-2 libevent-core-1.4-2 libevent-extra-1.4-2
Architecture: source amd64
Version: 1.4.13-stable-1+deb6u1
Distribution: squeeze-lts
Urgency: low
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Nguyen Cong <cong.nguyen...@toshiba-tsdv.com>
Description:
libevent-1.4-2 - An asynchronous event notification library
libevent-core-1.4-2 - An asynchronous event notification library (core)
libevent-dev - Development libraries, header files and docs for libevent
libevent-extra-1.4-2 - An asynchronous event notification library (extra)
Closes: 774645
Changes:
libevent (1.4.13-stable-1+deb6u1) squeeze-lts; urgency=low
.
* Non-maintainer upload by the Debian LTS team.
* Fix potential heap overflow in buffer/bufferevent APIs reported in
CVE-2014-6272 by applying the upstream-provided patch:
https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf
Closes: #774645
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----
--- End Message ---