Your message dated Tue, 27 Oct 2015 17:33:59 +0000 with message-id <e1zr88f-0001os...@franck.debian.org> and subject line Bug#802650: fixed in miniupnpc 1.9.20140610-2.1 has caused the Debian Bug report #802650, regarding miniupnpc: CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 802650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: miniupnpc Version: 1.5-2 Severity: grave Tags: security patch upstream fixed-upstream Justification: user security hole Hi, the following vulnerability was published for miniupnpc. CVE-2015-6031[0]: Buffer overflow vulnerability in XML parser functionality If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-6031 [1] https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: miniupnpc Source-Version: 1.9.20140610-2.1 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 802...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Oct 2015 13:41:21 +0100 Source: miniupnpc Binary: miniupnpc libminiupnpc10 libminiupnpc-dev python-miniupnpc Architecture: source Version: 1.9.20140610-2.1 Distribution: unstable Urgency: high Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 802650 Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc10 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client python-miniupnpc - UPnP IGD client lightweight library Python bindings Changes: miniupnpc (1.9.20140610-2.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2015-6031.patch patch. CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality. (Closes: #802650) Checksums-Sha1: a7bc5553eb59635f2a2423cc289025f7dd17c267 2101 miniupnpc_1.9.20140610-2.1.dsc 5751dce0e0e57bba6ce6610ad68c0efad5c9796e 6536 miniupnpc_1.9.20140610-2.1.debian.tar.xz Checksums-Sha256: c7a3b1bda0d6952d1701cc1887a8bf1e2812528b7116d54bbcce9ed32021b40e 2101 miniupnpc_1.9.20140610-2.1.dsc 8cfb387b2211b60a972a397047f8d5906de340efd74bfd5841fe072d2d4752b6 6536 miniupnpc_1.9.20140610-2.1.debian.tar.xz Files: 80d534e474897c3b600b14d9ad4aaec2 2101 net optional miniupnpc_1.9.20140610-2.1.dsc 4282ef8e85f73252d4ea6f5d0b874baf 6536 net optional miniupnpc_1.9.20140610-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWLlX6AAoJEAVMuPMTQ89EzjgP/RUcfO/rrNRL1YM7yFIfO/yE QMhjQbDRg2tTvsE01wuMzFKAaUstJVkg8Rn0JpZzqV0NfjA0VVRDSTGKbRhqcVS7 0ettIzXomAMtiyA9A3zgtenN/HFbVLpszCB531b87GwKVjJIFETkLm7W2OMOctq0 Pbet+h1RD31F56TYTUkzUasA0/jfaEZ9v/sj3bpysLbrTAxmmHm6j2rd3lTXvyzk TMdPpG4kh6vRrg1e24Dv56RuoN8jULJCw4Tp0EPwnqAygCOkNqLTwkZ6FElheDrB h/MnizrSNiY5UK9OBVCMtzFb1U6dZ/dqstRE5iW/FLXQT1cr4eKV6CTYxCvp3RJl B6aPyHSutGUwk8Ii+hOyCq6cRYqnp/jbcrAHI8LOXI0w3CPT2tUJIWZypDxMsdjQ jNVUW8oeojpLlUOi9Y1QHV9tFiNHNHyWF+QwRsbk3TDYLUb6VVzZEOTjSTha1aYy QID7w3qOhIQre+n4chWgwQ71i58XQ2tnC7segUWPXvDnPGWxlTv2EPqyHRV8TY19 0q1jfRlHqPzuEIl/KtZVCVuUxTXVqXKcwsgG1R6BdIOaIyX6VDlkkixrOPt4IkPn PPn2t7tKW4y3rVv6rZJ2uj6j8mWtNpIWVjI3qycPGmavxeLdtURt52Pp7s6WmSb6 XD1mBso8dUn9JlTWw5rI =un+6 -----END PGP SIGNATURE-----
--- End Message ---
