Your message dated Fri, 02 Mar 2007 12:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#412904: fixed in openser 1.1.0-9etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: openser
Version: 1.1.0-9
Severity: grave
Tags: security
Justification: user security hole

While these two vulnerabilities have been fixed in sid in 1.1.1, they
still affect Etch:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6875:
Buffer overflow in the validateospheader function in the Open Settlement
Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote
attackers to execute arbitrary code via a crafted OSP header.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6876:
The fetchsms function in the SMS handling module (libsms_getsms.c) in
OpenSER 1.1.0 and earlier might allow remote attackers to execute
arbitrary code via a crafted SMS message, triggering memory corruption
when the "beginning" buffer is copied to the third (pdu) argument.

Cheers,
        Moritz

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)


--- End Message ---
--- Begin Message ---
Source: openser
Source-Version: 1.1.0-9etch1

We believe that the bug you reported is fixed in the latest version of
openser, which is due to be installed in the Debian FTP archive:

openser-cpl-module_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-cpl-module_1.1.0-9etch1_amd64.deb
openser-dbg_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-dbg_1.1.0-9etch1_amd64.deb
openser-jabber-module_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-jabber-module_1.1.0-9etch1_amd64.deb
openser-mysql-module_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-mysql-module_1.1.0-9etch1_amd64.deb
openser-postgres-module_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-postgres-module_1.1.0-9etch1_amd64.deb
openser-radius-modules_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-radius-modules_1.1.0-9etch1_amd64.deb
openser-unixodbc-module_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser-unixodbc-module_1.1.0-9etch1_amd64.deb
openser_1.1.0-9etch1.diff.gz
  to pool/main/o/openser/openser_1.1.0-9etch1.diff.gz
openser_1.1.0-9etch1.dsc
  to pool/main/o/openser/openser_1.1.0-9etch1.dsc
openser_1.1.0-9etch1_amd64.deb
  to pool/main/o/openser/openser_1.1.0-9etch1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien BLACHE <[EMAIL PROTECTED]> (supplier of updated openser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  2 Mar 2007 13:03:19 +0100
Source: openser
Binary: openser-cpl-module openser-jabber-module openser-mysql-module openser-dbg openser-postgres-module openser-unixodbc-module openser openser-radius-modules
Architecture: source amd64
Version: 1.1.0-9etch1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Debian VoIP Maintainers <[EMAIL PROTECTED]>
Changed-By: Julien BLACHE <[EMAIL PROTECTED]>
Description: 
 openser    - very fast and configurable SIP proxy
 openser-cpl-module - CPL module (CPL interpreter engine) for OpenSER
 openser-dbg - very fast and configurable SIP proxy [debug symbols]
 openser-jabber-module - Jabber module (SIP-Jabber message translation) for OpenSER
 openser-mysql-module - MySQL database connectivity module for OpenSER
 openser-postgres-module - PostgreSQL database connectivity module for OpenSER
 openser-radius-modules - radius modules for OpenSER
 openser-unixodbc-module - unixODBC database connectivity module for OpenSER
Closes: 412904
Changes: 
 openser (1.1.0-9etch1) testing-proposed-updates; urgency=low
 .
   * Security fixes for Etch (closes: #412904).
   * debian/patches/23_CVE-2006-6875.dpatch:
     + Added; fix buffer overflow in the OSP module.
   * debian/patches/24_CVE-2006-6876.dpatch:
     + Added; fix buffer overflow in the SMS module.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6BeEzWFP1/XWUWkRApoAAKDkMahk+DwooiFXBN9TJvqjMdX5OwCgzrhQ
51nE7PBPnqkFDMq5sNmBNZc=
=PkDj
-----END PGP SIGNATURE-----


--- End Message ---
