Your message dated Fri, 11 Nov 2005 11:17:22 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#294099: fixed in lesstif1-1 1:0.93.94-12
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Feb 2005 20:47:02 +0000
Date: Mon, 7 Feb 2005 15:48:01 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple security holes in XPM code (CAN-2004-0914)
Package: lesstif1-1
Severity: grave
Tags: security
CAN-2004-0914 describes multiple security holes in libxpm:
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86
and other packages, include (1) multiple integer overflows, (2) out-of-bounds
memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless
loops, and (6) memory leaks, which could allow remote attackers to obtain
sensitive information, cause a denial of service (application crash), or
execute arbitrary code via a certain XPM image file. NOTE: it is highly likely
that this candidate will be SPLIT into other candidates in the future, per
CVE's content decisions.
lesstif includes code derived from this library that is apparently also
vulnerable. A new upstream release, 0.94.0, fixes these problems:
http://www.lesstif.org/ReleaseNotes.html
-- 
see shy jo
---------------------------------------
Received: (at 294099-close) by bugs.debian.org; 11 Nov 2005 19:26:06 +0000
From: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#294099: fixed in lesstif1-1 1:0.93.94-12
Date: Fri, 11 Nov 2005 11:17:22 -0800
Source: lesstif1-1
Source-Version: 1:0.93.94-12
We believe that the bug you reported is fixed in the latest version of
lesstif1-1, which is due to be installed in the Debian FTP archive:
lesstif-dev_0.93.94-12_i386.deb
  to pool/main/l/lesstif1-1/lesstif-dev_0.93.94-12_i386.deb
lesstif1-1_0.93.94-12.diff.gz
  to pool/main/l/lesstif1-1/lesstif1-1_0.93.94-12.diff.gz
lesstif1-1_0.93.94-12.dsc
  to pool/main/l/lesstif1-1/lesstif1-1_0.93.94-12.dsc
lesstif1_0.93.94-12_i386.deb
  to pool/main/l/lesstif1-1/lesstif1_0.93.94-12_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated
lesstif1-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Nov 2005 16:07:34 +0100
Source: lesstif1-1
Binary: lesstif-dev lesstif1
Architecture: source i386
Version: 1:0.93.94-12
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description:
lesstif-dev - development library and header files for LessTif 1.2
lesstif1 - OSF/Motif 1.2 implementation released under LGPL
Closes: 279402 287187 294099 298183 299236 335132
Changes:
 lesstif1-1 (1:0.93.94-12) unstable; urgency=low
 .
   * Acknowledge previous NMUs. Thanks a million to Joey Hess and Matej Vela
     for their work (Closes: #294099, #298183, #299236, #279402, #287187).
   * Upstream dropped support for lesstif1. This package will generate lesstif1
     binaries only. When all Debian packages have been migrated to lesstif2 it
     will be discontinued.
   * debian/control:
     + Set policy to 3.6.2.1.
     + Build-depend on debhelper >= 4.0.
     + No longer build-depend on autoconf, automake and libtool
       (Closes: #335132).
   * Rebootstrapped "." and "test".
Files:
 948f4b89b5889b4a3f6c6eb0a39b847d 760 libs optional lesstif1-1_0.93.94-12.dsc
 f3d89e0f89995ccbc64bf51ea8a827d4 361215 libs optional lesstif1-1_0.93.94-12.diff.gz
 f4e01a69dd32775258ff71d8b362183c 603924 libs optional lesstif1_0.93.94-12_i386.deb
 8ed2ce8f8352e0a8850cf5f55da4308c 812750 libdevel optional lesstif-dev_0.93.94-12_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDdNsEfPP1rylJn2ERAjqgAJ9DKhih+eE764cXKcH6EdUZ1pz0ugCfRq3D
KWciC3nZj8HLUCq0JEcyLIk=
=7Czj
-----END PGP SIGNATURE-----