Bug#305574: marked as done (heimdal: Telnet vulnerabilities (CAN-2005-0469))

Debian Bug Tracking System Sun, 24 Apr 2005 22:53:29 -0700

Your message dated Mon, 25 Apr 2005 01:32:09 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#305574: fixed in heimdal 0.6.3-10
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Apr 2005 21:21:31 +0000
>From [EMAIL PROTECTED] Wed Apr 20 14:21:31 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DOMdX-0001WS-00; Wed, 20 Apr 2005 14:21:31 -0700
Received: from p548972e8.dip.t-dialin.net ([84.137.114.232] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1DOMdV-0000jw-5u
        for [EMAIL PROTECTED]; Wed, 20 Apr 2005 23:21:29 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
        id 1DOMdQ-0001xE-DB; Wed, 20 Apr 2005 23:21:24 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: heimdal: Telnet vulnerabilities (CAN-2005-0469)
X-Mailer: reportbug 3.9
Date: Wed, 20 Apr 2005 23:21:23 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.114.232
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: heimdal
Severity: grave
Tags: security
Justification: user security hole

Heimdal is vulnerable to CAN-2005-0469, the slc_add_reply buffer overflow
reported for multiple telnet clients.

Heimdal 0.6.4 fixes this issue.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 305574-close) by bugs.debian.org; 25 Apr 2005 05:41:21 +0000
>From [EMAIL PROTECTED] Sun Apr 24 22:41:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DPwLR-0004WH-00; Sun, 24 Apr 2005 22:41:21 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DPwCX-0005Ak-00; Mon, 25 Apr 2005 01:32:09 -0400
From: Brian May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#305574: fixed in heimdal 0.6.3-10
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 25 Apr 2005 01:32:09 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: heimdal
Source-Version: 0.6.3-10

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive:

heimdal-clients-x_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-clients-x_0.6.3-10_i386.deb
heimdal-clients_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-clients_0.6.3-10_i386.deb
heimdal-dev_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-dev_0.6.3-10_i386.deb
heimdal-docs_0.6.3-10_all.deb
  to pool/main/h/heimdal/heimdal-docs_0.6.3-10_all.deb
heimdal-kdc_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-kdc_0.6.3-10_i386.deb
heimdal-servers-x_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-servers-x_0.6.3-10_i386.deb
heimdal-servers_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-servers_0.6.3-10_i386.deb
heimdal_0.6.3-10.diff.gz
  to pool/main/h/heimdal/heimdal_0.6.3-10.diff.gz
heimdal_0.6.3-10.dsc
  to pool/main/h/heimdal/heimdal_0.6.3-10.dsc
libasn1-6-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libasn1-6-heimdal_0.6.3-10_i386.deb
libgssapi1-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libgssapi1-heimdal_0.6.3-10_i386.deb
libhdb7-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libhdb7-heimdal_0.6.3-10_i386.deb
libkadm5clnt4-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10_i386.deb
libkadm5srv7-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10_i386.deb
libkafs0-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkafs0-heimdal_0.6.3-10_i386.deb
libkrb5-17-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <[EMAIL PROTECTED]> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 25 Apr 2005 14:48:03 +1000
Source: heimdal
Binary: heimdal-servers-x heimdal-clients libkafs0-heimdal libkadm5srv7-heimdal 
heimdal-kdc heimdal-servers libasn1-6-heimdal libkrb5-17-heimdal heimdal-dev 
libkadm5clnt4-heimdal heimdal-docs heimdal-clients-x libgssapi1-heimdal 
libhdb7-heimdal
Architecture: source i386 all
Version: 0.6.3-10
Distribution: unstable
Urgency: low
Maintainer: Brian May <[EMAIL PROTECTED]>
Changed-By: Brian May <[EMAIL PROTECTED]>
Description: 
 heimdal-clients - Clients for Heimdal Kerberos
 heimdal-clients-x - X11 files for Heimdal Kerberos
 heimdal-dev - Development files for Heimdal Kerberos
 heimdal-docs - Documentation for Heimdal Kerberos
 heimdal-kdc - KDC for Heimdal Kerberos
 heimdal-servers - Servers for Heimdal Kerberos
 heimdal-servers-x - X11 files for Heimdal Kerberos
 libasn1-6-heimdal - Libraries for Heimdal Kerberos
 libgssapi1-heimdal - Libraries for Heimdal Kerberos
 libhdb7-heimdal - Libraries for Heimdal Kerberos
 libkadm5clnt4-heimdal - Libraries for Heimdal Kerberos
 libkadm5srv7-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Libraries for Heimdal Kerberos
 libkrb5-17-heimdal - Libraries for Heimdal Kerberos
Closes: 95246 305574
Changes: 
 heimdal (0.6.3-10) unstable; urgency=low
 .
   * LDAP support (closes: #95246).
   * Fix buffer overflow security bug in telnet client, CAN-2005-0469,
     closes: #305574.
Files: 
 697981d710dfb229a2f28b6dfdc2208e 1010 net optional heimdal_0.6.3-10.dsc
 bff951cac5747de94f0e9c0b3c47b14e 3217979 net optional heimdal_0.6.3-10.diff.gz
 d076894a215a0821a61296b9bb72efc9 1166748 net extra 
heimdal-docs_0.6.3-10_all.deb
 a55f6a22ebbc1766e486ca2a6ebfb290 126794 net extra heimdal-kdc_0.6.3-10_i386.deb
 41a7ab45fa0de672023090c457ee2d06 420324 devel extra 
heimdal-dev_0.6.3-10_i386.deb
 710eefc8a48a11a30f2819a3f74d0ef1 62036 net extra 
heimdal-clients-x_0.6.3-10_i386.deb
 ed9c7d230971a203f980e571ba3e1725 252866 net extra 
heimdal-clients_0.6.3-10_i386.deb
 d9e41b14ed4c526c201e44291b76e4ed 41232 net extra 
heimdal-servers-x_0.6.3-10_i386.deb
 837596ec258f193c92cafa062f20f576 162248 net extra 
heimdal-servers_0.6.3-10_i386.deb
 8ca1a3f92ffd6541a879a52a573919a8 75590 libs optional 
libasn1-6-heimdal_0.6.3-10_i386.deb
 850b74f59c77802fb33f4b07a82fdf19 132658 libs optional 
libkrb5-17-heimdal_0.6.3-10_i386.deb
 6f70e7ef0d2e86e472bbb9178a420e2e 51054 libs optional 
libhdb7-heimdal_0.6.3-10_i386.deb
 c6550218270ef2efda021b8f7eecfd96 46382 libs optional 
libkadm5srv7-heimdal_0.6.3-10_i386.deb
 5d387954595cc49cf806fa74fd703315 36982 libs optional 
libkadm5clnt4-heimdal_0.6.3-10_i386.deb
 169dc8ac7b7092d9b72b030945a49917 51810 libs optional 
libgssapi1-heimdal_0.6.3-10_i386.deb
 c47a2451f200f36b5c61a692c2ec6631 35910 libs extra 
libkafs0-heimdal_0.6.3-10_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCbHutuCinHABTDCQRAqS7AKCCWLhxvRXxPUQtngLSjdLDRSk5PgCdEYee
yVrSh5rVWwBw+zFSpo2Cpeo=
=P0p/
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#305574: marked as done (heimdal: Telnet vulnerabilities (CAN-2005-0469))

Reply via email to