Your message dated Thu, 20 Apr 2006 14:32:36 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#360571: fixed in tcpick 0.2.1-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tcpick
Version: 0.2.1-2
Severity: grave
Tags: security
Hi,
Andrea Barisan recently found a remote crash in tcpick. I'm not sure
whether it can be exploited to execute arbitrary code; I didn't
investigate it closely. Details are here:
http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151
This has been assigned CVE-2006-0048. Please mention this number in
the changelog to ease tracking.
Thank you,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
--- End Message ---
--- Begin Message ---
Source: tcpick
Source-Version: 0.2.1-3
We believe that the bug you reported is fixed in the latest version of
tcpick, which is due to be installed in the Debian FTP archive:
tcpick_0.2.1-3.diff.gz
to pool/main/t/tcpick/tcpick_0.2.1-3.diff.gz
tcpick_0.2.1-3.dsc
to pool/main/t/tcpick/tcpick_0.2.1-3.dsc
tcpick_0.2.1-3_i386.deb
to pool/main/t/tcpick/tcpick_0.2.1-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cédric Delfosse <[EMAIL PROTECTED]> (supplier of updated tcpick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 14 Apr 2006 20:59:07 +0200
Source: tcpick
Binary: tcpick
Architecture: source i386
Version: 0.2.1-3
Distribution: unstable
Urgency: high
Maintainer: Cédric Delfosse <[EMAIL PROTECTED]>
Changed-By: Cédric Delfosse <[EMAIL PROTECTED]>
Description:
tcpick - TCP stream sniffer and connection tracker
Closes: 360571
Changes:
tcpick (0.2.1-3) unstable; urgency=high
.
* src/write.c: temporary patch to fix CVE-2006-0048 (Closes: Bug#360571)
As upstream is not responsive, I have written this one-line patch.
With the option -yP, tcpick shows data contained in the captured packets.
For some packets, tcpick computes a negative buffer length, which is used
in a while (buffer length) {} loop to display the packet content. When the
buffer length is negative, the loop never ends, and tcpick segfaults after
a while.
This patch tests if the computed buffer length is negative before using
it, and sets it to 0 in this case.
Files:
0f68563f61fbc42b344a9bb2a4455c33 593 net optional tcpick_0.2.1-3.dsc
5008447b0492f666df27669f89d9b382 4895 net optional tcpick_0.2.1-3.diff.gz
6f1421ca851027121ec974e44b792219 36056 net optional tcpick_0.2.1-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFER/pubmmXPPfovGMRArtmAJ4qSflcuXb+ba3UKyKulq0vyKWqogCdEVIm
CNUwskcJxpf/JRaIg4o1bAs=
=FTbK
-----END PGP SIGNATURE-----
--- End Message ---
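The failure mode described in the 0.2.1-3 changelog, as an added C example that is not tcpick's code or the maintainer's patch: a signed length that goes negative never reaches zero in a while (len) loop, and a check before the loop stops it. The function names, the way the length is computed and the sample packet values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed computation; the page does not show how tcpick derives the length. */
static int payload_len(int ip_total, int ip_hdr, int tcp_hdr) {
    return ip_total - ip_hdr - tcp_hdr;
}

/* Models only the counter of a `while (len) { ...; len--; }` display loop,
 * touching no memory. Returns the iteration count, or -1 if the loop is
 * still running after `cap` iterations. */
static long loop_iterations(int len, long cap) {
    long n = 0;
    while (len) {
        if (n == cap) return -1;
        len--;
        n++;
    }
    return n;
}

/* Hardened display loop: a negative length is set to 0, as the changelog
 * describes. The clamp to `avail` (bytes actually captured) is an extra
 * bound added in this example. Returns the number of bytes rendered. */
static size_t show_payload(const unsigned char *data, int len, int avail,
                           char *out, size_t outsz) {
    size_t n = 0;
    if (outsz == 0) return 0;
    if (len > avail) len = avail;
    if (len < 0) len = 0;
    while (len && n + 1 < outsz) {
        unsigned char c = *data++;
        out[n++] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
        len--;
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    /* Constructed sample: headers claim more bytes than the packet holds. */
    const unsigned char data[] = "GET /\r\n";
    char out[16];
    int len = payload_len(40, 20, 40);
    printf("len=%d unguarded loop ends: %s\n", len,
           loop_iterations(len, 1000) < 0 ? "no" : "yes");
    printf("guarded: %zu bytes\n", show_payload(data, len, 7, out, sizeof out));
    return 0;
}
```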