Your message dated Sun, 3 Nov 2024 21:04:43 +0100
with message-id
<icvk2n5an5cqjxdqrvu7aa4ra6xfvkbsud4unp5wa3ha6ju...@tarta.nabijaczleweli.xyz>
and subject line Closing: Bug#796495: yubiserver: multiple vulnerabilities,
affecting old/stable?
has caused the Debian Bug report #796495,
regarding yubiserver: multiple vulnerabilities, affecting old/stable?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
796495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796495
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: yubiserver
Severity: grave
Version: 0.5-2
Tags: security
Hi,
the following vulnerabilities were published for yubiserver.
CVE-2015-0843[0]:
Buffer overflows due to misuse of sprintf
CVE-2015-0842[1]:
SQL injection issues (potential auth bypass)
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0843
[1] https://security-tracker.debian.org/tracker/CVE-2015-0842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0842
N.b. this bug is meant to track the fixing of the vulnerabilities in
stable (and oldstable, if it applies). Please refer to the following
page to learn how to prepare a stable security update:
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
On Sat, Aug 22, 2015 at 10:08:52AM +0200, Raphael Geissert wrote:
> the following vulnerabilities were published for yubiserver.
> CVE-2015-0843[0]:
> CVE-2015-0842[1]:
yubiserver (0.6-1) unstable; urgency=high

  * Fix CVE vulnerabilities:
    CVE-2015-0842 yubiserver: SQL injection issues (potential auth bypass)
    CVE-2015-0843 yubiserver: Buffer overflows due to misuse of sprintf
  * Code cleanup and refactoring.

 -- Chrysostomos Nanakos <cnana...@debian.org>  Mon, 29 Jun 2015 11:42:55 +0300
> N.b. this bug is meant to track the fixing of the vulnerabilities in
> stable (and oldstable, if it applies).
Currently
o-o-stable: 0.6-3.1 (buster)
oldstable: 0.6-3.1 (bullseye)
stable: 0.6-3.1 (bookworm)
testing: 0.6-3.2 (trixie)
unstable: 0.6-3.2
so the CVEs are fixed in stable and oldstable.
--- End Message ---