Bug#697987: marked as done (ettercap: CVE-2013-0722: stack-based buffer overflow when parsing hosts list)

[Debian Bug Tracking System]

Your message dated Mon, 14 Jan 2013 10:47:31 +0000
with message-id <e1tuhzj-0003ke...@franck.debian.org>
and subject line Bug#697987: fixed in ettercap 1:0.7.5.1-2
has caused the Debian Bug report #697987,
regarding ettercap: CVE-2013-0722: stack-based buffer overflow when parsing 
hosts list
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697987: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ettercap
Severity: important
Tags: security

Hi,

the following vulnerability was published for ettercap.

CVE-2013-0722[0]:
stack-based buffer overflow when parsing hosts list

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0722
[1] http://marc.info/?s=CVE-2013-0722&l=oss-security
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0722

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: ettercap
Source-Version: 1:0.7.5.1-2

We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <b...@debian.org> (supplier of updated ettercap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Jan 2013 10:19:40 +0000
Source: ettercap
Binary: ettercap-common ettercap-text-only ettercap-graphical ettercap-dbg
Architecture: source amd64
Version: 1:0.7.5.1-2
Distribution: unstable
Urgency: low
Maintainer: Barak A. Pearlmutter <b...@debian.org>
Changed-By: Barak A. Pearlmutter <b...@debian.org>
Description: 
 ettercap-common - Multipurpose sniffer/interceptor/logger for switched LAN
 ettercap-dbg - Debug symbols for Ettercap.
 ettercap-graphical - Ettercap GUI-enabled executable
 ettercap-text-only - Ettercap console-mode executable
Closes: 697987
Changes: 
 ettercap (1:0.7.5.1-2) unstable; urgency=low
 .
   * merge upstream patch for CVE-2013-0722 a stack-based buffer overflow
     when parsing hosts list (closes: #697987)
   * merge upstream patch for clang compilation issue
Checksums-Sha1: 
 df1ae488ba668f8162733c307cd48335e6bcdba1 1670 ettercap_0.7.5.1-2.dsc
 736685725e0615f0011112a88ba5833ffd13f8cd 11356 ettercap_0.7.5.1-2.debian.tar.gz
 bcaa7ed571446ccec5cea32e963e376e4f0dc8c6 394394 
ettercap-common_0.7.5.1-2_amd64.deb
 8aa9e8fae8adfd45ebbffb89fb18b919d09dd9f0 185542 
ettercap-text-only_0.7.5.1-2_amd64.deb
 314881e6f807912cea84fbe0cc5f489b8644c7c0 238460 
ettercap-graphical_0.7.5.1-2_amd64.deb
 f80894e4babd94e5fe2ad9f91276dd788b8356e3 2036884 
ettercap-dbg_0.7.5.1-2_amd64.deb
Checksums-Sha256: 
 1377e2c8bc88c515c23f218b499185f1275d757b61689c4daefdb3972a23bd8d 1670 
ettercap_0.7.5.1-2.dsc
 f1c3bf8116258da6f08e77624cd0797ca8b543f6639147a2cd27af4cda1a8cb6 11356 
ettercap_0.7.5.1-2.debian.tar.gz
 4e9681fee4943d4e5bd6bfbb160a3ec31d0a4b475f1fb845eb8e6affeabb3f80 394394 
ettercap-common_0.7.5.1-2_amd64.deb
 2b1a654080f65038caa1a3b3c4bdb2b6190aea52f935c1f894b4b06a7d16af4b 185542 
ettercap-text-only_0.7.5.1-2_amd64.deb
 98d90b1d0b0b4f1df4f3544d2cc19b74e4af8cbd76084e48f55468a78fe3ea51 238460 
ettercap-graphical_0.7.5.1-2_amd64.deb
 b39bf3c84981986b8ca196d0e84181a91037e97d7093565a6c4aef1e7422f944 2036884 
ettercap-dbg_0.7.5.1-2_amd64.deb
Files: 
 67b3d4eed1aae6fef3c1a856805589ce 1670 net optional ettercap_0.7.5.1-2.dsc
 6c2ebe48d13383cd93c4bacab2cf57d9 11356 net optional 
ettercap_0.7.5.1-2.debian.tar.gz
 1a4c239fe1991e952bf76367e7a0d7a9 394394 net optional 
ettercap-common_0.7.5.1-2_amd64.deb
 df8ee77abf4bf945ff1f68e645a6a86b 185542 net optional 
ettercap-text-only_0.7.5.1-2_amd64.deb
 ca0befaa85fdddbb878da7d7bef19cbf 238460 net optional 
ettercap-graphical_0.7.5.1-2_amd64.deb
 d978ef8ab535d1c5d1ddc807b2361417 2036884 debug extra 
ettercap-dbg_0.7.5.1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlDz3pkACgkQLz4Gnv7CP7KYXgCgz9UzTXtfjLLpuCgD2c5MvH0Z
aVgAoJayl0dOzB1RIpk2tLnFLcTW+uYG
=Fu0p
-----END PGP SIGNATURE-----

--- End Message ---