Your message dated Sat, 26 Sep 2015 12:48:21 +0000
with message-id <e1zfotp-0004vk...@franck.debian.org>
and subject line Bug#799307: fixed in rpcbind 0.2.0-8+deb7u1
has caused the Debian Bug report #799307,
regarding rpcbind: CVE-2015-7236: remote triggerable use-after-free in rpcbind
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
799307: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799307
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rpcbind
Version: 0.2.0-4.1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi,
the following vulnerability was published for rpcbind.
CVE-2015-7236[0]:
remote triggerable use-after-free in rpcbind
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7236
[1] http://www.spinics.net/lists/linux-nfs/msg53045.html
[2] https://bugzilla.suse.com/show_bug.cgi?id=946204
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rpcbind
Source-Version: 0.2.0-8+deb7u1
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2015 18:46:48 +0200
Source: rpcbind
Binary: rpcbind
Architecture: source amd64
Version: 0.2.0-8+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
rpcbind - converts RPC program numbers into universal addresses
Closes: 799307
Changes:
 rpcbind (0.2.0-8+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7236.patch patch.
     CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial
     of service. (Closes: #799307)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---