Your message dated Sun, 10 Oct 2010 19:09:26 +0200
with message-id <[email protected]>
and subject line Re: Bug#599708: CVE-2010-2812 and CVE-2010-2934
has caused the Debian Bug report #599708,
regarding CVE-2010-2812 and CVE-2010-2934
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
599708: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599708
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: znc
Severity: grave
Tags: security
CVE-2010-2812 and CVE-2010-2934 are currently only
fixed in experimental, but not sid and Squeeze. The
Red Hat bug contains references to the patches:
https://bugzilla.redhat.com/show_bug.cgi?id=622600
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages znc depends on:
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.4-9 GCC support library
ii libperl5.10 5.10.1-14 shared Perl library
ii libssl0.9.8 0.9.8o-1 SSL shared libraries
ii libstdc++6 4.4.4-9 The GNU Standard C++ Library v3
znc recommends no packages.
znc suggests no packages.
--- End Message ---
--- Begin Message ---
Version: 0.092-2
On Sun, Oct 10, 2010 at 01:47:21PM +0200, Uli Schlachter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Am 10.10.2010 13:19, Moritz Muehlenhoff wrote:
> > Package: znc
> > Severity: grave
> > Tags: security
> >
> > CVE-2010-2812 and CVE-2010-2934 are currently only
> > fixed in experimental, but not sid and Squeeze. The
> > Red Hat bug contains references to the patches:
> > https://bugzilla.redhat.com/show_bug.cgi?id=622600
> >
> > Cheers,
> > Moritz
>
> - From a quick look at the source package, the included patch
> "01-out-of-range-error.diff" seems to fix exactly this.[1]
> According to the patch description this would be a dupe of bug #592064.
Ok, marking as fixed in the Security Tracker.
Cheers,
Moritz
--- End Message ---