Your message dated Mon, 07 Nov 2011 10:17:32 +0000
with message-id <[email protected]>
and subject line Bug#645325: fixed in rpm 4.9.1.2-1
has caused the Debian Bug report #645325,
regarding CVE-2011-3378: Malformed Header parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
645325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645325
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rpm
Severity: important
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3378 and links
to patches.
Thanks to dpkg the attack vectors to a Debian system are rather limited, so I
don't think this warrants a DSA. It could be fixed through a point update, though (see
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable )
Please contact [email protected] if you disagree with the severity.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: rpm
Source-Version: 4.9.1.2-1
We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:
librpm-dbg_4.9.1.2-1_amd64.deb
to main/r/rpm/librpm-dbg_4.9.1.2-1_amd64.deb
librpm-dev_4.9.1.2-1_amd64.deb
to main/r/rpm/librpm-dev_4.9.1.2-1_amd64.deb
librpm2_4.9.1.2-1_amd64.deb
to main/r/rpm/librpm2_4.9.1.2-1_amd64.deb
librpmbuild2_4.9.1.2-1_amd64.deb
to main/r/rpm/librpmbuild2_4.9.1.2-1_amd64.deb
librpmio2_4.9.1.2-1_amd64.deb
to main/r/rpm/librpmio2_4.9.1.2-1_amd64.deb
librpmsign0_4.9.1.2-1_amd64.deb
to main/r/rpm/librpmsign0_4.9.1.2-1_amd64.deb
python-rpm_4.9.1.2-1_amd64.deb
to main/r/rpm/python-rpm_4.9.1.2-1_amd64.deb
rpm-common_4.9.1.2-1_amd64.deb
to main/r/rpm/rpm-common_4.9.1.2-1_amd64.deb
rpm-i18n_4.9.1.2-1_all.deb
to main/r/rpm/rpm-i18n_4.9.1.2-1_all.deb
rpm2cpio_4.9.1.2-1_amd64.deb
to main/r/rpm/rpm2cpio_4.9.1.2-1_amd64.deb
rpm_4.9.1.2-1.debian.tar.gz
to main/r/rpm/rpm_4.9.1.2-1.debian.tar.gz
rpm_4.9.1.2-1.dsc
to main/r/rpm/rpm_4.9.1.2-1.dsc
rpm_4.9.1.2-1_amd64.deb
to main/r/rpm/rpm_4.9.1.2-1_amd64.deb
rpm_4.9.1.2.orig.tar.bz2
to main/r/rpm/rpm_4.9.1.2.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michal Čihař <[email protected]> (supplier of updated rpm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Oct 2011 17:53:46 +0200
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm2 librpmio2
librpmbuild2 librpmsign0 librpm-dev python-rpm
Architecture: source all amd64
Version: 4.9.1.2-1
Distribution: unstable
Urgency: high
Maintainer: Michal Čihař <[email protected]>
Changed-By: Michal Čihař <[email protected]>
Description:
librpm-dbg - debugging symbols for RPM
librpm-dev - RPM shared library, development kit
librpm2 - RPM shared library
librpmbuild2 - RPM build shared library
librpmio2 - RPM IO shared library
librpmsign0 - RPM signing shared library
python-rpm - Python bindings for RPM
rpm - package manager for RPM
rpm-common - common files for RPM
rpm-i18n - localization and localized man pages for rpm
rpm2cpio - tool to convert RPM package to CPIO archive
Closes: 645325
Changes:
rpm (4.9.1.2-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2011-3378 (Closes: #645325).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---