Your message dated Tue, 26 Dec 2006 21:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#404591: fixed in openser 1.1.0-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: openser
Severity: grave
Tags: security
Justification: user security hole
OpenPKG fixed a buffer overflow in openser:
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.042.html
Patch attached, please upload.
Cheers,
Moritz
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Security Fix (OpenPKG-SA-2006.042, OpenPKG-TT-E1#29)
Index: modules/permissions/parse_config.c
--- modules/permissions/parse_config.c.orig 2005-06-13 18:47:43 +0200
+++ modules/permissions/parse_config.c 2006-12-26 11:15:25 +0100
@@ -111,8 +111,11 @@
except = strstr(str, " EXCEPT ");
if (except) {
/* exception found */
- strncpy(str2, str, except-str);
- str2[except-str] = '\0';
+ int l = except - str;
+ if (l > sizeof(str2) - 1)
+ l = sizeof(str2) - 1;
+ strncpy(str2, str, l);
+ str2[l] = '\0';
/* except+8 points to the exception */
if (parse_expression_list(except+8, e_exceptions)) {
/* error */
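Review bot: In the added clamp, `l` is declared `int` but compared against `sizeof(str2) - 1`, which is `size_t`, so the comparison is carried out unsigned. It behaves correctly here only because `except` comes from `strstr(str, " EXCEPT ")` and the difference `except - str` cannot be negative. Declaring `l` as `size_t` would make that explicit and avoid a sign-compare warning. The check also depends on `str2` being an array in this scope. Its declaration is outside the hunk, and if it were a pointer, `sizeof(str2)` would yield the pointer size rather than the buffer size, so that is worth confirming before upload.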
@@ -121,7 +124,8 @@
}
} else {
/* no exception */
- strcpy(str2, str);
+ strncpy(str2, str, sizeof(str2)-1);
+ str2[sizeof(str2)-1] = '\0';
*e_exceptions = NULL;
}
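Review bot: The `strncpy(str2, str, sizeof(str2)-1);` replacement for `strcpy` silently truncates an over-long expression, and whatever consumes `str2` afterwards sees a shortened string with no indication that anything was cut. For a permissions file it would be safer to test the length of `str` against `sizeof(str2)` first and return through the error path, as the `/* error */` branch of the EXCEPT case does, with a log message, rather than continue with text that differs from what the administrator wrote. The same concern applies to the clamp added in the EXCEPT branch.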
--- End Message ---
--- Begin Message ---
Source: openser
Source-Version: 1.1.0-8
We believe that the bug you reported is fixed in the latest version of
openser, which is due to be installed in the Debian FTP archive:
openser-cpl-module_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-cpl-module_1.1.0-8_amd64.deb
openser-dbg_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-dbg_1.1.0-8_amd64.deb
openser-jabber-module_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-jabber-module_1.1.0-8_amd64.deb
openser-mysql-module_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-mysql-module_1.1.0-8_amd64.deb
openser-postgres-module_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-postgres-module_1.1.0-8_amd64.deb
openser-radius-modules_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-radius-modules_1.1.0-8_amd64.deb
openser-unixodbc-module_1.1.0-8_amd64.deb
to pool/main/o/openser/openser-unixodbc-module_1.1.0-8_amd64.deb
openser_1.1.0-8.diff.gz
to pool/main/o/openser/openser_1.1.0-8.diff.gz
openser_1.1.0-8.dsc
to pool/main/o/openser/openser_1.1.0-8.dsc
openser_1.1.0-8_amd64.deb
to pool/main/o/openser/openser_1.1.0-8_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien BLACHE <[EMAIL PROTECTED]> (supplier of updated openser package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 26 Dec 2006 22:13:26 +0100
Source: openser
Binary: openser-cpl-module openser-jabber-module openser-mysql-module
openser-dbg openser-postgres-module openser-unixodbc-module openser
openser-radius-modules
Architecture: source amd64
Version: 1.1.0-8
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Maintainers <[EMAIL PROTECTED]>
Changed-By: Julien BLACHE <[EMAIL PROTECTED]>
Description:
openser - very fast and configurable SIP proxy
openser-cpl-module - CPL module (CPL interpreter engine) for OpenSER
openser-dbg - very fast and configurable SIP proxy [debug symbols]
openser-jabber-module - Jabber module (SIP-Jabber message translation) for
OpenSER
openser-mysql-module - MySQL database connectivity module for OpenSER
openser-postgres-module - PostgreSQL database connectivity module for OpenSER
openser-radius-modules - radius modules for OpenSER
openser-unixodbc-module - unixODBC database connectivity module for OpenSER
Closes: 404591
Changes:
openser (1.1.0-8) unstable; urgency=high
.
* debian/patches/22_OpenPKG-SA-2006.042.dpatch:
+ Added; security fix for OpenPKG-SA-2006.042 (closes: #404591).
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFkZMNzWFP1/XWUWkRAubGAJ9k/qJjb+iWLXHk5WlYJ5He8O1d8QCgwPX0
xvOc+3+7Ap+P8gd3J2j7PPY=
=LcvN
-----END PGP SIGNATURE-----
--- End Message ---