Your message dated Thu, 22 Sep 2005 13:31:43 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Patch for Gopher bug  CAN-2005-2772
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Sep 2005 18:09:33 +0000
>From [EMAIL PROTECTED] Sun Sep 11 11:09:33 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EEWGj-0001Eq-00; Sun, 11 Sep 2005 11:09:33 -0700
Received: from dragon.kitenet.net (cpe-66-207-84-23.wb.hsw.ntelos.net 
[66.207.84.23])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id 3BA031821E
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 18:09:32 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id E9CEEBF6C5; Sun, 11 Sep 2005 14:09:35 -0400 (EDT)
Date: Sun, 11 Sep 2005 14:09:35 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: MN gopher[v3.0.9+] multiple(2) client buffer overflows. [CAN-2005-2772]
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK"
Content-Disposition: inline
X-Reportbug-Version: 3.17
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.10i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02


--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: gopher
Severity: grave
Version: 3.0.10
Tags: security

Buffer overflows have been found in the gopher client that can lead to
remote code execution when connecting to malicious gopher servers. This
bugtraq post is about version 3.0.9, but it doesn't seem to be fixed in
3.0.10:

http://marc.theaimsgroup.com/?l=bugtraq&m=112559902931614&w=2

This is CAN-2005-2772.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
see shy jo

--YZ5djTAD1cGYuMQK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--YZ5djTAD1cGYuMQK--

---------------------------------------
Received: (at 327722-done) by bugs.debian.org; 22 Sep 2005 18:32:31 +0000
>From [EMAIL PROTECTED] Thu Sep 22 11:32:31 2005
Return-path: <[EMAIL PROTECTED]>
Received: from gatekeeper.excelhustler.com (excelhustler.com) [68.99.114.105] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EIVry-0003rl-00; Thu, 22 Sep 2005 11:32:30 -0700
Received: from wile.internal.excelhustler.com ([192.168.1.34] ident=postfix)
        by excelhustler.com with esmtp
        (Exim 4.50)
        id 1EIVrE-0006Vw-IR; Thu, 22 Sep 2005 13:31:55 -0500
Received: by wile.internal.excelhustler.com (Postfix, from userid 1000)
        id 84C72C69F9; Thu, 22 Sep 2005 13:31:43 -0500 (CDT)
Date: Thu, 22 Sep 2005 13:31:43 -0500
From: John Goerzen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Patch for Gopher bug  CAN-2005-2772
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
X-Virus-Scanned: by Exiscan on excelhustler.com at Thu, 22 Sep 2005 13:31:55 
-0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02

Hello,

Joey Hess has reviewed this patch and given it the thumbs-up.  I have
uploaded 3.0.11 to unstable, urgency high (it has been accepted by now).

Please apply this patch to the version in stable.

Thanks,

-- John Goerzen

