Your message dated Thu, 27 Jan 2005 09:17:13 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292347: fixed in gpsd 2.7-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jan 2005 14:07:54 +0000
>From [EMAIL PROTECTED] Wed Jan 26 06:07:54 2005
Return-path: <[EMAIL PROTECTED]>
Received: from pernis.its.uu.se [130.238.4.153] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1Ctnpp-0002Sr-00; Wed, 26 Jan 2005 06:07:54 -0800
Received: by pernis.its.uu.se (Postfix, from userid 205)
        id 4CBD416D; Wed, 26 Jan 2005 15:07:52 +0100 (MEZ)
Received: from pernis.its.uu.se(127.0.0.1) by pernis.its.uu.se via virus-scan 
        id s311; Wed, 26 Jan 05 15:06:48 +0100
Received: from tyto.its.uu.se (tyto.its.uu.se [130.238.4.190])
        by pernis.its.uu.se (Postfix) with ESMTP id 454CA1B1
        for <[EMAIL PROTECTED]>; Wed, 26 Jan 2005 15:06:48 +0100 (MEZ)
Received: from localhost ([127.0.0.1])
        by tyto.its.uu.se with esmtp (Exim 3.35 #1 (Debian))
        id 1Ctnom-0002h7-00
        for <[EMAIL PROTECTED]>; Wed, 26 Jan 2005 15:06:48 +0100
Received: from h173n2fls31o1123.telia.com (h173n2fls31o1123.telia.com 
[81.224.172.173]) 
        by webmail.uu.se (IMP) with HTTP 
        for <[EMAIL PROTECTED]>; Wed, 26 Jan 2005 15:06:48 +0100
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 26 Jan 2005 15:06:48 +0100
From: Ulf Härnhammar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: gpsd: remote security problem with format strings
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
User-Agent: Internet Messaging Program (IMP) 3.2.7
Content-Transfer-Encoding: quoted-printable
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
        HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Subject: gpsd: remote security problem with format strings
Package: gpsd
Severity: grave
Justification: user security hole
Tags: security

Hello,

a remote security problem with format strings has been reported:

http://seclists.org/lists/fulldisclosure/2005/Jan/0843.html

The patch is changing all instances of:

syslog(BLAH, str);

to:

syslog(BLAH, "%s", str);

// Ulf Harnhammar

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
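
The change described in the report above, shown as an added C example; it is not part of the original message or of the gpsd patch. snprintf() stands in for syslog() so the result can be inspected, and the function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Weak pattern from the report: caller-supplied text is used AS the format.
 * The warning is silenced only so this deliberately weak variant builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_as_format(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#pragma GCC diagnostic pop

/* Fixed pattern: constant format, text passed as the "%s" argument. */
int render_as_data(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Counts directives other than "%%". Each one makes the weak call fetch an
 * argument that was never passed, which is undefined behaviour. */
int directives_needing_args(const char *msg)
{
    int count = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* literal percent sign */
        count++;
    }
    return count;
}

/* The fixed call in the form the report gives. */
void report(const char *msg)
{
    syslog(LOG_NOTICE, "%s", msg);
}

int main(void)
{
    char a[64], b[64];
    const char *sample = "fix 100%% ok";  /* constructed input, "%%" only */
    render_as_format(a, sizeof a, sample);
    render_as_data(b, sizeof b, sample);
    printf("as format: %s\nas data:   %s\n", a, b);
    printf("directives in \"%%x.%%x\": %d\n", directives_needing_args("%x.%x"));
    return 0;
}
```

The sample contains only "%%", so the weak variant stays well-defined while still showing that the text is parsed as a format: it comes out with one percent sign instead of two.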



---------------------------------------
Received: (at 292347-close) by bugs.debian.org; 27 Jan 2005 14:23:04 +0000
>From [EMAIL PROTECTED] Thu Jan 27 06:23:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CuAY4-0008VD-00; Thu, 27 Jan 2005 06:23:04 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1CuASP-0001Wj-00; Thu, 27 Jan 2005 09:17:13 -0500
From: Tilman Koschnick <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292347: fixed in gpsd 2.7-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 27 Jan 2005 09:17:13 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: gpsd
Source-Version: 2.7-4

We believe that the bug you reported is fixed in the latest version of
gpsd, which is due to be installed in the Debian FTP archive:

gpsd-clients_2.7-4_i386.deb
  to pool/main/g/gpsd/gpsd-clients_2.7-4_i386.deb
gpsd_2.7-4.diff.gz
  to pool/main/g/gpsd/gpsd_2.7-4.diff.gz
gpsd_2.7-4.dsc
  to pool/main/g/gpsd/gpsd_2.7-4.dsc
gpsd_2.7-4_i386.deb
  to pool/main/g/gpsd/gpsd_2.7-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tilman Koschnick <[EMAIL PROTECTED]> (supplier of updated gpsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 27 Jan 2005 13:31:03 +0100
Source: gpsd
Binary: gpsd gpsd-clients
Architecture: source i386
Version: 2.7-4
Distribution: unstable
Urgency: high
Maintainer: Tilman Koschnick <[EMAIL PROTECTED]>
Changed-By: Tilman Koschnick <[EMAIL PROTECTED]>
Description: 
 gpsd       - GPS (Global Positioning System) service daemon
 gpsd-clients - clients for the GPS service daemon
Closes: 292347 292370
Changes: 
 gpsd (2.7-4) unstable; urgency=high
 .
   * setting urgency=high because of RC bugfix
   * bugfix: remote security problem with format strings
     - add debian/patches/09_syslog_formatstring.dpatch
     - thanks to Ulf Harnhammar, KF, Petter Reinholdtsen
       (closes: #292347, #292370)
   * fix lintian warnings
     - change description of gpsd-clients
     - add /usr/share/lintian/overrides/gpsd
       (ignoring non-dev-pkg-with-shlib-symlink,
       description-synopsis-starts-with-a-capital-letter)
Files: 
 0872be11bc3a8eadc831d71604f413f4 673 misc optional gpsd_2.7-4.dsc
 a889c560a24cf6269834461c64e9c476 22493 misc optional gpsd_2.7-4.diff.gz
 6c4ee7e643a8a71e61fec2ecb5037219 70142 misc optional gpsd_2.7-4_i386.deb
 88a2eb535ae935f264342be66b61c4d6 24754 misc optional gpsd-clients_2.7-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB+POu20zMSyow1ykRApmHAKDWVdyTOc7W9omqs+/CVhfy2370QwCdG/fs
syHtdq73b7aYaGmRtN09ki0=
=No/h
-----END PGP SIGNATURE-----

