Your message dated Tue, 25 Dec 2007 22:32:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#457781: fixed in tcpreen 1.4.3-0.3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tcpreen
Severity: grave
Tags: security
Hi,
the following security issue was published for tcpreen[0]:
| TCPreen is prone to a remote buffer-overflow vulnerability because it fails to
| properly bounds-check user-supplied data before copying it to an insufficiently
| sized memory buffer.
|
| An attacker may exploit this issue to execute arbitrary code in the context of
| the affected application. Successful attacks may compromise affected computers.
| Failed exploit attempts will result in a denial of service.
|
| Versions of TCPreen prior to 1.4.4 are vulnerable.
For further information:
[0] http://www.securityfocus.com/bid/27018/info
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: tcpreen
Source-Version: 1.4.3-0.3
We believe that the bug you reported is fixed in the latest version of
tcpreen, which is due to be installed in the Debian FTP archive:
tcpreen_1.4.3-0.3.diff.gz
to pool/main/t/tcpreen/tcpreen_1.4.3-0.3.diff.gz
tcpreen_1.4.3-0.3.dsc
to pool/main/t/tcpreen/tcpreen_1.4.3-0.3.dsc
tcpreen_1.4.3-0.3_i386.deb
to pool/main/t/tcpreen/tcpreen_1.4.3-0.3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated tcpreen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Dec 2007 23:22:57 +0100
Source: tcpreen
Binary: tcpreen
Architecture: source i386
Version: 1.4.3-0.3
Distribution: unstable
Urgency: high
Maintainer: Oliver Kurth <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
tcpreen - Simple TCP re-engineering tool
Closes: 457781
Changes:
tcpreen (1.4.3-0.3) unstable; urgency=high
.
* Non-maintainer upload by security team.
* Add missing part of the previous security fix in
sockprot.cpp (Closes: #457781).
Files:
9b46014fa6c8fc01c7af563ef1ceb1a4 569 net optional tcpreen_1.4.3-0.3.dsc
103450732048d9457e61500ff6867194 26629 net optional tcpreen_1.4.3-0.3.diff.gz
77b6d13c77372b4d11cbb15dc1b42a59 40250 net optional tcpreen_1.4.3-0.3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHcYNbHYflSXNkfP8RAhuUAKCiMwu9xXFYNa9LIttvI1Np2U4gPQCfU2ON
fWRdud9TT+Gpy7nt0XLI9vs=
=cxyc
-----END PGP SIGNATURE-----
--- End Message ---