Your message dated Tue, 25 Dec 2007 17:47:15 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#457781: fixed in tcpreen 1.4.3-0.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tcpreen
Severity: grave
Tags: security
Hi,
the following security issue was published for tcpreen[0]:
| TCPreen is prone to a remote buffer-overflow vulnerability because it fails to
| properly bounds-check user-supplied data before copying it to an insufficiently
| sized memory buffer.
|
| An attacker may exploit this issue to execute arbitrary code in the context of
| the affected application. Successful attacks may compromise affected computers.
| Failed exploit attempts will result in a denial of service.
|
| Versions of TCPreen prior to 1.4.4 are vulnerable.
For further information:
[0] http://www.securityfocus.com/bid/27018/info
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: tcpreen
Source-Version: 1.4.3-0.2
We believe that the bug you reported is fixed in the latest version of
tcpreen, which is due to be installed in the Debian FTP archive:
tcpreen_1.4.3-0.2.diff.gz
  to pool/main/t/tcpreen/tcpreen_1.4.3-0.2.diff.gz
tcpreen_1.4.3-0.2.dsc
  to pool/main/t/tcpreen/tcpreen_1.4.3-0.2.dsc
tcpreen_1.4.3-0.2_i386.deb
  to pool/main/t/tcpreen/tcpreen_1.4.3-0.2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated tcpreen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Dec 2007 17:32:38 +0100
Source: tcpreen
Binary: tcpreen
Architecture: source i386
Version: 1.4.3-0.2
Distribution: unstable
Urgency: high
Maintainer: Oliver Kurth <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
tcpreen - Simple TCP re-engineering tool
Closes: 457781
Changes:
tcpreen (1.4.3-0.2) unstable; urgency=high
.
  * Non-maintainer upload by security team.
  * This update addresses the following security issue:
    - remote buffer-overflow vulnerability in bridge.cpp because
      tcpreen fails to check user supplied data passed to
      the monitor_bridge function (Closes: #457781).
Files:
f727e336e731e4c90f91b8ef08bfad7b 569 net optional tcpreen_1.4.3-0.2.dsc
aa605f217d6753bc7957ef9383d9c97c 26272 net optional tcpreen_1.4.3-0.2.diff.gz
db1329b8909922f925dffa1a28e70b5e 40202 net optional tcpreen_1.4.3-0.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHcT+THYflSXNkfP8RAuCwAKCbc+NUJD1cwPPUSIv50z1nwqRAsgCeJ0lL
XVlqkzRmCwfHYfLFjHHukXs=
=qBDa
-----END PGP SIGNATURE-----
--- End Message ---