Your message dated Tue, 25 May 2010 01:52:57 +0000
with message-id <e1ogjkd-0006yx...@ries.debian.org>
and subject line Bug#574418: fixed in barnowl 1.0.1-4+lenny1
has caused the Debian Bug report #574418,
regarding barnowl: CVE-2010-0793 buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
574418: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574418
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: barnowl
Version: 1.0.1-4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.
CVE-2010-0793[0]:
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to
| cause a denial of service (crash) and possibly execute arbitrary code
| via a crafted CC: header.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0793
http://security-tracker.debian.org/tracker/CVE-2010-0793
--- End Message ---
--- Begin Message ---
Source: barnowl
Source-Version: 1.0.1-4+lenny1
We believe that the bug you reported is fixed in the latest version of
barnowl, which is due to be installed in the Debian FTP archive:
barnowl-irc_1.0.1-4+lenny1_all.deb
to main/b/barnowl/barnowl-irc_1.0.1-4+lenny1_all.deb
barnowl_1.0.1-4+lenny1.diff.gz
to main/b/barnowl/barnowl_1.0.1-4+lenny1.diff.gz
barnowl_1.0.1-4+lenny1.dsc
to main/b/barnowl/barnowl_1.0.1-4+lenny1.dsc
barnowl_1.0.1-4+lenny1_i386.deb
to main/b/barnowl/barnowl_1.0.1-4+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 574...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated barnowl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 10 May 2010 20:04:06 +1000
Source: barnowl
Binary: barnowl barnowl-irc
Architecture: source all i386
Version: 1.0.1-4+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
barnowl - A curses-based tty Jabber and Zephyr client
barnowl-irc - Provide IRC support for the BarnOwl Zephyr client
Closes: 574418
Changes:
barnowl (1.0.1-4+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix buffer overflow in message.c (Closes: #574418)
Fixes: CVE-2010-0793
Checksums-Sha1:
b9cf5fb0ad911b76e3c31dae6b2269c8e46ea0df 1128 barnowl_1.0.1-4+lenny1.dsc
8ed96374577a35d7524779aa2087459e864f4e79 6186 barnowl_1.0.1-4+lenny1.diff.gz
2e6669872da8032ec461f0249ebeb8e0a9499bec 38992
barnowl-irc_1.0.1-4+lenny1_all.deb
621ede9cd199d40f4b9ce494a574104c0fd443d0 468636 barnowl_1.0.1-4+lenny1_i386.deb
Checksums-Sha256:
2145f2818ec6d7923ea8d57f17a6fc478a33917453490a38a2af57430191c9a4 1128
barnowl_1.0.1-4+lenny1.dsc
42386cde2830bd5cd0c7980072724c7a634e4f823f30bd978d2375ccdfa1ee72 6186
barnowl_1.0.1-4+lenny1.diff.gz
49ee6417f0aa75c0b8829c09229d923ae49f79f0df61d6a946fd54f8a12b0ff7 38992
barnowl-irc_1.0.1-4+lenny1_all.deb
5f7d1a93f865fd9b55e8ced8adfd92d9e708e85835c23c766fdb03caca7fdf19 468636
barnowl_1.0.1-4+lenny1_i386.deb
Files:
c005716429cc93f9aa13ecc32e9a83a8 1128 net optional barnowl_1.0.1-4+lenny1.dsc
431a62342081785abeac1d6f27cca56e 6186 net optional
barnowl_1.0.1-4+lenny1.diff.gz
662b9a48a4daf355222980b4b77e1dfe 38992 net extra
barnowl-irc_1.0.1-4+lenny1_all.deb
b4d0478d392975c7c10bf1bc5a8db665 468636 net optional
barnowl_1.0.1-4+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvn3TcACgkQ62zWxYk/rQeEdgCghIlk0CJD2ZxMvj7vxD9E1YWg
Sc4AnjtZK5y/t8ZYtVT2Gcq4ChyNkq5X
=O8uW
-----END PGP SIGNATURE-----
--- End Message ---
