Your message dated Thu, 22 Sep 2005 13:31:43 -0500 with message-id <[EMAIL PROTECTED]> and subject line Patch for Gopher bug CAN-2005-2772 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Sun, 11 Sep 2005 14:09:35 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: MN gopher[v3.0.9+] multiple(2) client buffer overflows. [CAN-2005-2772]
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: gopher
Severity: grave
Version: 3.0.10
Tags: security

Buffer overflows have been found in the gopher client that can lead to remote code execution when connecting to malicious gopher servers. This bugtraq post is about version 3.0.9, but it doesn't seem to be fixed in 3.0.10:

http://marc.theaimsgroup.com/?l=bugtraq&m=112559902931614&w=2

This is CAN-2005-2772.
-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
see shy jo

---------------------------------------
Date: Thu, 22 Sep 2005 13:31:43 -0500
From: John Goerzen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Patch for Gopher bug CAN-2005-2772

Hello,

Joey Hess has reviewed this patch and gave it the thumbs-up. I have uploaded 3.0.11 to unstable, urgency high (it has been accepted by now).

Please apply this patch to the version in stable.

Thanks,

-- John Goerzen