Your message dated Fri, 27 Oct 2006 23:17:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#395225: fixed in screen 4.0.3-0.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: screen
Severity: grave
Tags: security
From http://secunia.com/advisories/22583/:
"Some vulnerabilities have been reported in GNU Screen, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
The vulnerabilities are caused due to errors within the handling of
certain UTF-8 characters. This can be exploited to crash GNU Screen
or potentially execute arbitrary code by printing a specially crafted
string to the window."
This is fixed in 4.0.3.
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: screen
Source-Version: 4.0.3-0.1
We believe that the bug you reported is fixed in the latest version of
screen, which is due to be installed in the Debian FTP archive:
screen_4.0.3-0.1.diff.gz
  to pool/main/s/screen/screen_4.0.3-0.1.diff.gz
screen_4.0.3-0.1.dsc
  to pool/main/s/screen/screen_4.0.3-0.1.dsc
screen_4.0.3-0.1_i386.deb
  to pool/main/s/screen/screen_4.0.3-0.1_i386.deb
screen_4.0.3.orig.tar.gz
  to pool/main/s/screen/screen_4.0.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[EMAIL PROTECTED]> (supplier of updated screen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Oct 2006 07:35:57 +0200
Source: screen
Binary: screen
Architecture: source i386
Version: 4.0.3-0.1
Distribution: unstable
Urgency: high
Maintainer: Adam Lazur <[EMAIL PROTECTED]>
Changed-By: Christian Perrier <[EMAIL PROTECTED]>
Description:
 screen - a terminal multiplexor with VT100/ANSI terminal emulation
Closes: 303818 331583 345059 358160 395225
Changes:
 screen (4.0.3-0.1) unstable; urgency=high
 .
   * Non-maintainer upload to fix a security issue
   * New upstream version fixing utf8 combining characters handling. The
     bugs could be used to crash/hang screen by writing a special string
     to a window (CVE-2006-4573). Closes: #395225
   * Debconf translation updates:
     - Finnish added. Closes: #303818
     - Swedish added. Closes: #331583
     - Portuguese added. Closes: #345059
     - Italian updated. Closes: #358160
Files:
87a09e37b86313dc87c1b568932a090a 624 misc optional screen_4.0.3-0.1.dsc
8506fd205028a96c741e4037de6e3c42 840602 misc optional screen_4.0.3.orig.tar.gz
7cf078e23c8374d562998b5674a42ab6 34349 misc optional screen_4.0.3-0.1.diff.gz
0563abba97b99115f8f3a61767b16229 585370 misc optional screen_4.0.3-0.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFQvCQ1OXtrMAUPS0RAm8FAJ9bVicwZi9cxJKDNqlBN6MVdY+pYQCghgd7
LqMpGIBDD0CSkKcWLH8Ua28=
=6o6f
-----END PGP SIGNATURE-----
--- End Message ---