Bug#401765: marked as done (gnupg: [CVE-2006-6169] buffer overflow in ask_outfile_name() also present in Sarge)

Mon, 11 Dec 2006 02:58:15 -0800 

Your message dated Mon, 11 Dec 2006 11:42:05 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Resolved with DSA 1231-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: gnupg
Version: 1.4.1-1.sarge5
Severity: grave
Justification: Introduces security hole
Tags: security, sarge

Hi,

in Sid, CVE-2006-6169 has been fixed with 1.4.5-3, but 1.4.1-1.sarge5
from Sarge is still missing the fix and therefore vulnerable.

Details:

http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
https://bugs.g10code.com/gnupg/issue728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
http://packages.qa.debian.org/g/gnupg/news/20061127T220204Z.html

(Thanks to aba for pointing me to the right patch in the Sid
 version. :-)

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gnupg depends on:
ii  devfsd               1.3.25-19           Daemon for the device file system
ii  libbz2-1.0           1.0.2-7             high-quality block-sorting file co
ii  libc6                2.3.2.ds1-22sarge4  GNU C Library: Shared libraries an
ii  libldap2             2.1.30-8            OpenLDAP libraries
ii  libreadline5         5.0-10              GNU readline and history libraries
ii  libusb-0.1-4         2:0.1.10a-9.sarge.1 userspace USB programming library
ii  makedev              2.3.1-77            creates device files in /dev
ii  zlib1g               1:1.2.2-4.sarge.2   compression library - runtime

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 1.4.1-1.sarge6

CVE-2006-6169 has been resolved also in Sarge with DSA 1231-1. This
bug just seems to have been forgotten when closing the appropriate bug
reports.

                Kind regards, Axel Beckert
-- 
Axel Beckert <[EMAIL PROTECTED]>       support: +41 44 633 2668
IT Support Group, HPR E 86.1              voice:   +41 44 633 4189
Departement Physik, ETH Zurich            fax:     +41 44 633 1239
CH-8093 Zurich, Switzerland               http://nic.phys.ethz.ch/

--- End Message ---

Reply via email to