Your message dated Tue, 27 Oct 2015 21:20:02 +0000 with message-id <e1zrbf0-0006vy...@franck.debian.org> and subject line Bug#802650: fixed in miniupnpc 1.9.20140610-2+deb8u1 has caused the Debian Bug report #802650, regarding miniupnpc: CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 802650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: miniupnpc Version: 1.5-2 Severity: grave Tags: security patch upstream fixed-upstream Justification: user security hole Hi, the following vulnerability was published for miniupnpc. CVE-2015-6031[0]: Buffer overflow vulnerability in XML parser functionality If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-6031 [1] https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: miniupnpc Source-Version: 1.9.20140610-2+deb8u1 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 802...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Oct 2015 07:49:17 +0100 Source: miniupnpc Binary: miniupnpc libminiupnpc10 libminiupnpc-dev python-miniupnpc Architecture: source Version: 1.9.20140610-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 802650 Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc10 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client python-miniupnpc - UPnP IGD client lightweight library Python bindings Changes: miniupnpc (1.9.20140610-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2015-6031.patch patch. CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality. (Closes: #802650) Checksums-Sha1: 3eebe316498e3045120e1e365d777efff05ea6af 2121 miniupnpc_1.9.20140610-2+deb8u1.dsc cd7f300d71019dfb915b79d1ea701d163d778c5b 76674 miniupnpc_1.9.20140610.orig.tar.gz e11483de62f464cada2ec8b249d11143cccd0be1 6568 miniupnpc_1.9.20140610-2+deb8u1.debian.tar.xz Checksums-Sha256: 896d1185780778644f62c261e0ab78cefbbaa8ca1924de5c40c12da84e0bc3a8 2121 miniupnpc_1.9.20140610-2+deb8u1.dsc 31beffe44a5d7b7bbad3729cdd6f9f85844b9e5771aebb56550f87cbedcf5d3b 76674 miniupnpc_1.9.20140610.orig.tar.gz f11579aafe66aacfeba7e3e3df386f49dbf14a29fe2b40fb165cf6d0325c5ed6 6568 miniupnpc_1.9.20140610-2+deb8u1.debian.tar.xz Files: bd6b059e690592b52f16223614d38e37 2121 net optional miniupnpc_1.9.20140610-2+deb8u1.dsc 6a812904b1a84766d03825341fc17365 76674 net optional miniupnpc_1.9.20140610.orig.tar.gz eced304501de6207082dff9df28253de 6568 net optional miniupnpc_1.9.20140610-2+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWLH1VAAoJEAVMuPMTQ89E5hQP+wVzCDMjUUY0LN+8x/u9b4AY qGDMXHDLbGDF5w/YkUsqerHtZvzQ4lO4gHnU9Upxw1OphJiK0kkO0VkcD5aAKK2q RddUqMaE9BFFYnvT+jbE+Rwus/m/PBpJ5fOKlrtRUT5y0QZ6dAn7p/zS6YVHIbG4 XoE4LTR/KBoSde9uktXVe0AZH3RiSMAwhybzZxrKNh83TMUSWx+hBszwCi1uJVLD LL0OSVX61U3Ce8Ey1qIthIvsRbtDLWY9qtxJROyb8orS5GC8pitF/s2Urjlqpgmp W8HsvVE0QxIspilxKhGh39KGA37GduYaaTO5WcyMgfmpn35JRrv+j+WqGj3xl0B4 ++1z/otkSJGmTpR7eAZFlC6OyXwe1cSl9LNUDmo+SNhW0LTae1mVIcNyfcPgbwYp awCfUcuQoA090n0J7yQY1eU8GlmGqRMqRYGKu3Ve6Qh1lvDJSEmWNHKmigk2U+qI KEeEDk1Hsf+U1cQ8gp/EBQzEJS/zXkU8dQLEd5fKlod3Vn/gVt2yRWmvflqF5KuE AJh8/aBafPQLLD53Br8+lj99lvJg3TCTlKm8zx18W/EOcNRTMBJEjI3iVPJP/Jce ljK1Zc57+ZjqLd3YBsatbcTpO0pTJHpvxOeh/GC71RbbfeW9uWE3HS2PwuHJW/af PJ+4JHGJIcDwZdjxq+Ml =oM+O -----END PGP SIGNATURE-----
--- End Message ---
