Your message dated Thu, 02 Apr 2015 11:33:44 +0000 with message-id <e1yddny-0004xv...@franck.debian.org> and subject line Bug#781346: fixed in slapi-nis 0.54.2-1 has caused the Debian Bug report #781346, regarding slapi-nis: CVE-2015-0283: infinite loop in getgrnam_r() and getgrgid_r() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781346: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781346 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: slapi-nis Version: 0.54-1 Severity: grave Tags: security upstream fixed-upstream Hi Timo, the following vulnerability was published for slapi-nis. I was not able to verify the issue itself but only checked patch-wise. CVE-2015-0283[0]: infinite loop in getgrnam_r() and getgrgid_r() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0283 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1195729 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: slapi-nis Source-Version: 0.54.2-1 We believe that the bug you reported is fixed in the latest version of slapi-nis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaal...@debian.org> (supplier of updated slapi-nis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 02 Apr 2015 09:24:07 +0300 Source: slapi-nis Binary: slapi-nis Architecture: source amd64 Version: 0.54.2-1 Distribution: unstable Urgency: medium Maintainer: Debian FreeIPA Team <pkg-freeipa-de...@lists.alioth.debian.org> Changed-By: Timo Aaltonen <tjaal...@debian.org> Description: slapi-nis - NIS Server and Schema Compatibility plugins for 389 Directory Ser Closes: 781346 Changes: slapi-nis (0.54.2-1) unstable; urgency=medium . * New upstream bugfix release - CVE-2015-0283: infinite loop in getgrnam_r() and getgrgid_r() (Closes: #781346) Checksums-Sha1: db2dd9340df412bb7d0eeb0c518dcb1aca25021c 2045 slapi-nis_0.54.2-1.dsc 8abaea152e80082afad7f722f9e07832edba2793 596236 slapi-nis_0.54.2.orig.tar.gz 895053a2498ecc0d56bd162530459621060fec50 3216 slapi-nis_0.54.2-1.debian.tar.xz 46428471cace104a6fdcfb2f3bdf67fa62f1bd01 91084 slapi-nis_0.54.2-1_amd64.deb Checksums-Sha256: 2f173bcf30b7d3c8264ca8a85ae97c44b1e8320b130ab8029e9c9f80daec1d38 2045 slapi-nis_0.54.2-1.dsc 6894bf0eef5d9d27b584fc64d74bcf0849cc6f7cdbc7c288558235fda7d4a83b 596236 slapi-nis_0.54.2.orig.tar.gz 025a4e237e20936cb59d29877c3c47ef8ff03590e1b930a16ce6a06df7223cc5 3216 slapi-nis_0.54.2-1.debian.tar.xz 949cbc6553fc48d58e299cfecb76f1f35c4fd2f5de920f5d5a883f82e1649b8b 91084 slapi-nis_0.54.2-1_amd64.deb Files: feb55786ec4f9d1d222f0dd03299de3f 2045 net optional slapi-nis_0.54.2-1.dsc 6b396b7a95c19eafb0dbaae5016a1603 596236 net optional slapi-nis_0.54.2.orig.tar.gz a239d02b931409f3668e5c36765cf82c 3216 net optional slapi-nis_0.54.2-1.debian.tar.xz de6e5c792d4342d91c9d9a61caeda315 91084 net optional slapi-nis_0.54.2-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVHScVAAoJEMtwMWWoiYTczKgQAINWcIV80HGuA5WYSyaN8hUt J6aBUi2B5j2aeVo1J63ErhBEjFq0MPru8AgI+mVN+RVMYGFD7wiJuCmnyao6Lvgv QlRyTtZE+N26xj3KXmMw+LyF8qoD7qjXKkd84w1EDfxz/7KP1iIizaOdCfpcISPo P1h/uzyr981HA90w9fHNlMw3ZypW8dReV9Zhue0ge0nNmcarv4IVn+12XO8JNPvU nMkjj/ZMksVqSNHhZmC5IWr46zEuW1h3RGP3TAUyQBBRvhgGE35QQXB5WhBa0lpP cuku6xABz9GJjcEst6wgvsytjWmOuaIoZIfPo0i5X3yfCV5U4x+j2QbKGORJ5lj0 H4J58dgsXp6vAXMVtItWU/6NjLXkwY9wNkp2nzlJk6zh+CsMf8B4y5UZyA61t1Gx 02NXmKrlzIrrNaUME7DNdMozb7XJKQnGfcE4fxF2hQbkQgCL2YKQf4rVGJf8xM8D 5Vg756ofX35cfdWF8la4vkWL+668SREWn2L123Tseipbar75sI6CTJ+ZaPoLZdFo H/rXGUEmu0bsDjN3WZTiGK5debDcgLZbPLzCHkKVyJYvFZLtHJBkMjVajG4aV9OF 0IJAB45lw2wWyRZjn9L7N3p27FSl/KjFSmAiOC2c5flsbEJglOwgGL6DOF3vOdLe Gwu0tfg5aCFHSRQXU4sA =9h9i -----END PGP SIGNATURE-----
--- End Message ---
