Your message dated Thu, 26 Jan 2006 15:06:08 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in oops 1.5.23.cvs-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 May 2005 19:51:57 +0000
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: oops: Format string vulnerability in database auth handling (CAN-2005-1121)
Date: Mon, 02 May 2005 21:51:45 +0200

Package: oops
Severity: grave
Tags: security patch sid woody
Justification: user security hole

[Cc:ing security@, should affect woody as well]
[Severity is under the assumption that code execution is possible]

A format string vulnerability in the auth() function for SQL database
user handling possibly permits execution of arbitrary code. For full
details please see: http://rst.void.ru/papers/advisory24.txt

The advisory contains an obviously correct patch. Package is not
part of Sarge due to long-standing portability problems.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 307360-done) by bugs.debian.org; 26 Jan 2006 14:06:10 +0000
Date: Thu, 26 Jan 2006 15:06:08 +0100
To: [EMAIL PROTECTED]
Subject: Fixed in oops 1.5.23.cvs-3
Message-ID: <[EMAIL PROTECTED]>
From: Reinhard Tartler <[EMAIL PROTECTED]>


I forgot to mention this bug in the changelog.

