Your message dated Sat, 26 Sep 2015 12:47:16 +0000
with message-id <e1zfosm-0004l8...@franck.debian.org>
and subject line Bug#799307: fixed in rpcbind 0.2.1-6+deb8u1
has caused the Debian Bug report #799307,
regarding rpcbind: CVE-2015-7236: remote triggerable use-after-free in rpcbind
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
799307: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799307
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rpcbind
Version: 0.2.0-4.1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi,
the following vulnerability was published for rpcbind.
CVE-2015-7236[0]:
remote triggerable use-after-free in rpcbind
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7236
[1] http://www.spinics.net/lists/linux-nfs/msg53045.html
[2] https://bugzilla.suse.com/show_bug.cgi?id=946204
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rpcbind
Source-Version: 0.2.1-6+deb8u1
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2015 18:45:15 +0200
Source: rpcbind
Binary: rpcbind
Architecture: source
Version: 0.2.1-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 799307
Description:
rpcbind - converts RPC program numbers into universal addresses
Changes:
rpcbind (0.2.1-6+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2015-7236.patch patch.
CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial
of service. (Closes: #799307)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---