Bug#510583: marked as done (CVE-2008-5744: overflow in tor2 driver in Zaptel)

Sat, 03 Jan 2009 15:48:02 -0800 

Your message dated Sun, 4 Jan 2009 10:43:13 +1100
with message-id <[email protected]>
and subject line Re: Bug#510583: CVE-2008-5744: overflow in tor2 driver in 
Zaptel
has caused the Debian Bug report #510583,
regarding CVE-2008-5744: overflow in tor2 driver in Zaptel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
510583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510583
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: zaptel
Version: 1:1.2.11.dfsg-1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zaptel.

CVE-2008-5744[0]:
| Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI)
| 1.4.11 and earlier allows local users in the dialout group to
| overwrite an integer value in kernel memory by writing to
| /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396
| that uses the wrong variable in a range check against the value of
| lc-&gt;sync.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5744
    http://security-tracker.debian.net/tracker/CVE-2008-5744

--- End Message ---
--- Begin Message --- 
Package: zaptel
Version: 1:1.4.11~dfsg-3

On Saturday 03 January 2009 23:20:27 Stefan Fritsch wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for zaptel.
> CVE-2008-5744[0]:

Stefan,

We addressed this though #507459 with the upload of 1:1.4.11~dfsg-3, although 
it didn't have an CVE id at that time.

merge 510583 507459

Thanks,
Mark

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---

Reply via email to