Your message dated Wed, 02 Apr 2008 06:02:30 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454139: fixed in pwlib-titan 1.11.2-2
has caused the Debian Bug report #454139,
regarding pwlib-titan: CVE-2007-4897 remote denial of service
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
454139: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454139
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.
CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpaZCFsUl8Qf.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: pwlib-titan
Source-Version: 1.11.2-2
We believe that the bug you reported is fixed in the latest version of
pwlib-titan, which is due to be installed in the Debian FTP archive:
libpt-1.11.2-dbg_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-dbg_1.11.2-2_i386.deb
libpt-1.11.2-dev_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-dev_1.11.2-2_i386.deb
libpt-1.11.2-doc_1.11.2-2_all.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-doc_1.11.2-2_all.deb
libpt-1.11.2-plugins-alsa_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-alsa_1.11.2-2_i386.deb
libpt-1.11.2-plugins-avc_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-avc_1.11.2-2_i386.deb
libpt-1.11.2-plugins-dc_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-dc_1.11.2-2_i386.deb
libpt-1.11.2-plugins-oss_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-oss_1.11.2-2_i386.deb
libpt-1.11.2-plugins-v4l2_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l2_1.11.2-2_i386.deb
libpt-1.11.2-plugins-v4l_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l_1.11.2-2_i386.deb
libpt-1.11.2_1.11.2-2_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2_1.11.2-2_i386.deb
pwlib-titan_1.11.2-2.diff.gz
to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-2.diff.gz
pwlib-titan_1.11.2-2.dsc
to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Faidon Liambotis <[EMAIL PROTECTED]> (supplier of updated pwlib-titan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 02 Apr 2008 07:14:27 +0300
Source: pwlib-titan
Binary: libpt-1.11.2 libpt-1.11.2-dev libpt-1.11.2-dbg libpt-1.11.2-doc
libpt-1.11.2-plugins-v4l libpt-1.11.2-plugins-v4l2 libpt-1.11.2-plugins-avc
libpt-1.11.2-plugins-dc libpt-1.11.2-plugins-oss libpt-1.11.2-plugins-alsa
Architecture: source i386 all
Version: 1.11.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Faidon Liambotis <[EMAIL PROTECTED]>
Description:
libpt-1.11.2 - Portable Windows Library
libpt-1.11.2-dbg - Portable Windows Library development debug files
libpt-1.11.2-dev - Portable Windows Library development files
libpt-1.11.2-doc - Portable Windows Library documentation & sample files
libpt-1.11.2-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA
Interface
libpt-1.11.2-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC
devices
libpt-1.11.2-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
libpt-1.11.2-plugins-oss - Portable Windows Library Audio Plugins for the OSS
Interface
libpt-1.11.2-plugins-v4l - Portable Windows Library Video Plugin for
Video4Linux
libpt-1.11.2-plugins-v4l2 - Portable Windows Library Video Plugin for
Video4Linux v2
Closes: 453595 454139
Changes:
pwlib-titan (1.11.2-2) unstable; urgency=low
.
[ Kilian Krause ]
* Fix debian/watch to use sf.net instead of voxgratia.org (Closes: #453595)
* Remove symlinks of unused compatibility versions.
* Remove entire -ptrace and -debug build and leave only opt build with
PTRACE code as new binary library. Discussion with Robert Jongbloed
proved that there's no point shipping any other configuration.
* Revert part of 04_names patch to not include OBJDIR_SUFFIX to
plugins dir anymore.
.
[ Faidon Liambotis ]
* Incorporate NMU by Nico Golde, thanks! (Closes: #454139)
* Fix bug where shlibs were very strict on binNMUed versions.
* Bump Standards-Version to 3.7.3, no changes needed.
* Remove doxygen from Build-Depends-Indep since it's present in
Build-Depends.
* Remove debian/backports/{sarge,dapper} since they are obsolete
distributions.
* Remove Jose Carlos Garcia Sogo and Santiago Garcia Mantinan from
Uploaders and add myself.
* Add all copyright holders to debian/copyright.
* Fix syntax error in the ptlib-config.1 manpage.
Files:
3e432bf6d642a0206d1b66636a44fb11 1665 libs optional pwlib-titan_1.11.2-2.dsc
95519bc6858a494ad2d492b81a605aba 26869 libs optional
pwlib-titan_1.11.2-2.diff.gz
f06058c5a39773de07a8aae7609eeb61 1503694 libs optional
libpt-1.11.2_1.11.2-2_i386.deb
31b0142041b435695360629e09082a9a 3496520 libdevel optional
libpt-1.11.2-dev_1.11.2-2_i386.deb
f4d09b641a4fb92daeecd60a93b97b51 4134392 libdevel extra
libpt-1.11.2-dbg_1.11.2-2_i386.deb
8d0c8f777034d36e22babb8e6cace9af 277224 libs optional
libpt-1.11.2-plugins-v4l_1.11.2-2_i386.deb
b7656edee2bcccf621bbad13566796e7 279820 libs optional
libpt-1.11.2-plugins-v4l2_1.11.2-2_i386.deb
4a9249bd889ae5a66d20e321385293a9 278694 libs optional
libpt-1.11.2-plugins-avc_1.11.2-2_i386.deb
c3020f93e9151f6b47251c6ce10f06a6 266648 libs optional
libpt-1.11.2-plugins-dc_1.11.2-2_i386.deb
9b4a91b0f4583458d177583a87532aa2 280252 libs optional
libpt-1.11.2-plugins-oss_1.11.2-2_i386.deb
64823e28e4c136e767749441a751be7b 274180 libs optional
libpt-1.11.2-plugins-alsa_1.11.2-2_i386.deb
69805fc5d7ac958e0eba5c58ffd983ca 3552342 doc extra
libpt-1.11.2-doc_1.11.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH8xwfVty5d8XpUzMRAlYOAJ95JYk43lA4VXp+YXO0D1wTGO6EgwCeIZjK
yzaRca6EqKp3w+MJu2k+fq4=
=ffgz
-----END PGP SIGNATURE-----
--- End Message ---
