Your message dated Sat, 16 Dec 2006 11:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#403219: fixed in gdm 2.16.4-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gdm
Version: 2.16.1-1
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Today I found:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453.
After a fast look into the code, it seems that this issue is present in
the Debian package.
Please take a look at it.
Regards, Daniel
- -- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.09060920
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages gdm depends on:
ii adduser 3.100 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.10 Debian configuration management sy
ii gdm-themes 0.5 Themes for the GNOME Display Manag
ii gksu 2.0.0-1 graphical frontend to su
ii gnome-session 2.14.3-3 The GNOME 2 Session Manager
ii gnome-terminal [x-terminal 2.14.2-1 The GNOME 2 terminal emulator appl
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libatk1.0-0 1.12.3-1 The ATK accessibility toolkit
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6.ds1-9 GNU C Library: Shared libraries
ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra
ii libdmx1 1:1.0.2-2 X11 Distributed Multihead extensio
ii libfontconfig1 2.4.2-1 generic font configuration library
ii libglade2-0 1:2.6.0-2 library to load .glade files at ru
ii libglib2.0-0 2.12.4-2 The GLib library of C routines
ii libgnomecanvas2-0 2.14.0-2 A powerful object-oriented display
ii libgtk2.0-0 2.8.20-3 The GTK+ graphical user interface
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libpam-runtime 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpango1.0-0 1.14.8-2 Layout and rendering of internatio
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii librsvg2-2 2.14.4-2 SAX-based renderer library for SVG
ii librsvg2-common 2.14.4-2 SAX-based renderer library for SVG
ii libselinux1 1.32-3 SELinux shared libraries
ii libwrap0 7.6.dbs-11 Wietse Venema's TCP wrappers libra
ii libx11-6 2:1.0.3-4 X11 client-side library
ii libxau6 1:1.0.1-2 X11 authorisation library
ii libxcursor1 1.1.7-4 X cursor management library
ii libxdmcp6 1:1.0.1-2 X11 Display Manager Control Protoc
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.1-5 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library
ii libxml2 2.6.27.dfsg-1 GNOME XML library
ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library
ii libxrender1 1:0.9.1-3 X Rendering Extension client libra
ii lsb-base 3.1-22 Linux Standard Base 3.1 init scrip
ii metacity [x-window-manager 1:2.14.5-2 A lightweight GTK2 based Window Ma
ii twm [x-window-manager] 1:1.0.1-4 Tab window manager
ii xbase-clients 1:7.1.ds-3 miscellaneous X clients
ii xfce4-terminal [x-terminal 0.2.5.8rc2-1 Xfce terminal emulator
ii xfwm4 [x-window-manager] 4.3.99.2-1 window manager of the Xfce project
ii xterm [x-terminal-emulator 223-1 X terminal emulator
Versions of packages gdm recommends:
ii dialog 1.0-20060221-1 Displays user-friendly dialog boxe
ii whiptail 0.52.2-8 Displays user-friendly dialog boxe
ii zenity 2.14.3-1 Display graphical dialog boxes fro
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFgpxWm0bx+wiPa4wRAjFtAKDW0OA8AkMaWndlyciqqOvN7WVErQCfUG+6
HOVV+KN+7mHM0YdUl5hZHLc=
=acsC
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: gdm
Source-Version: 2.16.4-1
We believe that the bug you reported is fixed in the latest version of
gdm, which is due to be installed in the Debian FTP archive:
gdm_2.16.4-1.diff.gz
to pool/main/g/gdm/gdm_2.16.4-1.diff.gz
gdm_2.16.4-1.dsc
to pool/main/g/gdm/gdm_2.16.4-1.dsc
gdm_2.16.4-1_i386.deb
to pool/main/g/gdm/gdm_2.16.4-1_i386.deb
gdm_2.16.4.orig.tar.gz
to pool/main/g/gdm/gdm_2.16.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Murray <[EMAIL PROTECTED]> (supplier of updated gdm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 15 Dec 2006 15:11:04 -0800
Source: gdm
Binary: gdm
Architecture: source i386
Version: 2.16.4-1
Distribution: unstable
Urgency: high
Maintainer: Ryan Murray <[EMAIL PROTECTED]>
Changed-By: Ryan Murray <[EMAIL PROTECTED]>
Description:
gdm - GNOME Display Manager
Closes: 396259 396696 403219
Changes:
gdm (2.16.4-1) unstable; urgency=high
.
  * New upstream release
    + Fix for CVE-2006-6105, gdmchooser format string vulnerability (closes: #403219)
    + Fix for 64-bit portability problems (closes: #396259)
  * Fix typo in pam files (closes: #396696)
  * Update debian-moreblue theme to 0.5, and make it the default
  * Relax gdm-themes depends to Recommends because of the default theme change
Files:
46bd2ed7726d2c155482912554fde4e5 783 gnome optional gdm_2.16.4-1.dsc
b5a4e0867f9ba2dad2ab273bb8b82e0c 4893879 gnome optional gdm_2.16.4.orig.tar.gz
019f8ee981109c2a3b449aa9af1a5270 313727 gnome optional gdm_2.16.4-1.diff.gz
26bc4bc322f3dde46e5f44df09a2859a 4011538 gnome optional gdm_2.16.4-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFg9gZN2Dbz/1mRasRAqx/AKCZ7HtnrdTifPinNc1PuSNmrjINiACdHqcp
Ys4EMjiSd8YirjIk1NJOQ5c=
=cCHp
-----END PGP SIGNATURE-----
--- End Message ---