Your message dated Wed, 30 Nov 2005 01:02:11 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340959: fixed in centericq 4.21.0-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: centericq: Buffer overflow in embedded ktools library
X-Mailer: reportbug 3.17
Date: Sun, 27 Nov 2005 13:08:41 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: centericq
Severity: grave
Tags: security

A buffer overflow has been found in the VGETSTRING function of
the ktools library included in centericq, which judging from the
description, sounds remotely exploitable. Please see
http://www.zone-h.org/en/advisories/read/id=8480/ for details.

As the mentioned library is used in two other Debian source packages
(motor and orpheus) as well, you should check whether it's feasible
to package it as a separate package and link dynamically.

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
From: Julien Lemoine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#340959: fixed in centericq 4.21.0-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 30 Nov 2005 01:02:11 -0800

Source: centericq
Source-Version: 4.21.0-6

We believe that the bug you reported is fixed in the latest version of
centericq, which is due to be installed in the Debian FTP archive:

centericq-common_4.21.0-6_i386.deb
  to pool/main/c/centericq/centericq-common_4.21.0-6_i386.deb
centericq-fribidi_4.21.0-6_i386.deb
  to pool/main/c/centericq/centericq-fribidi_4.21.0-6_i386.deb
centericq-utf8_4.21.0-6_i386.deb
  to pool/main/c/centericq/centericq-utf8_4.21.0-6_i386.deb
centericq_4.21.0-6.diff.gz
  to pool/main/c/centericq/centericq_4.21.0-6.diff.gz
centericq_4.21.0-6.dsc
  to pool/main/c/centericq/centericq_4.21.0-6.dsc
centericq_4.21.0-6_i386.deb
  to pool/main/c/centericq/centericq_4.21.0-6_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Lemoine <[EMAIL PROTECTED]> (supplier of updated centericq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 30 Nov 2005 08:43:49 +0100
Source: centericq
Binary: centericq-common centericq-utf8 centericq-fribidi centericq
Architecture: source i386
Version: 4.21.0-6
Distribution: unstable
Urgency: high
Maintainer: Julien LEMOINE <[EMAIL PROTECTED]>
Changed-By: Julien Lemoine <[EMAIL PROTECTED]>
Description:
centericq - A text-mode multi-protocol instant messenger client
centericq-common - A text-mode multi-protocol instant messenger client (data
files)
centericq-fribidi - A text-mode multi-protocol instant messenger client
(Hebrew)
centericq-utf8 - A text-mode multi-protocol instant messenger client
Closes: 340790 340959
Changes:
centericq (4.21.0-6) unstable; urgency=high
.
* Fixed compilation error (assume that libc is used to avoid static
redefinition of stpcpy, memcpy, ...)
(Closes: 340790)
* SECURITY: Fixed buffer overflow in embedded ktools library by replacing
vsprintf by vsnprintf (Waiting for a better patch from upstream)
(Closes: #340959)
Files:
3a9b76a137233fb1dcc722942bd9f05e 861 net optional centericq_4.21.0-6.dsc
2679691d59de9fbfe45140c2572c4406 118220 net optional centericq_4.21.0-6.diff.gz
127da049aed30193546b3b0b6cb18c7c 345602 net optional
centericq-common_4.21.0-6_i386.deb
fbf6186bf52b5c909f8982be9fa1824e 1233390 net optional
centericq_4.21.0-6_i386.deb
e9dbd087d42181cf88e16f2d58ba4002 1233452 net optional
centericq-utf8_4.21.0-6_i386.deb
2a926652b80b37a9a529a28d791d131d 1233834 net optional
centericq-fribidi_4.21.0-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDjWXNc29c8N2YKnURAvsBAKC7RH6afHtGP02RiINyS4kg41CWGQCgiqhK
gUO1sNlyAYfetECurIwosL4=
=XRoh
-----END PGP SIGNATURE-----
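
The changelog entry above replaces vsprintf with vsnprintf as a stopgap. The following C is an added example, not the ktools or centericq source and not part of the original messages: it shows the bounded call with truncation reported to the caller, plus one measure-then-allocate alternative that avoids truncation. The names fmt_bounded and fmt_alloc and the buffer size are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration; helper names are hypothetical, not from ktools.
 * Unsafe pattern (comment only):  char buf[N]; vsprintf(buf, fmt, ap);
 * vsprintf has no idea how large buf is and writes past its end. */

/* Bounded write. Returns 0 if the text fit, 1 if it was truncated,
 * -1 on a formatting error. dst is always NUL-terminated. */
int fmt_bounded(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || dstsz == 0) return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);  /* n = length the full text needs */
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstsz ? 1 : 0;   /* truncation is reported, not hidden */
}

/* Alternative: measure first, then allocate exactly. Caller frees. */
char *fmt_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int n;
    char *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);                    /* a va_list cannot be reused as-is */
    n = vsnprintf(NULL, 0, fmt, ap);     /* C99: returns the needed length */
    va_end(ap);
    if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    char small[8];                       /* constructed sample buffer */
    int rc = fmt_bounded(small, sizeof small, "%s", "0123456789");
    char *full = fmt_alloc("%s", "0123456789");
    printf("rc=%d bounded=\"%s\" alloc=\"%s\"\n", rc, small, full ? full : "");
    free(full);
    return 0;
}
```

With vsnprintf alone the overflow is gone but over-long input is silently cut; checking the return value is what lets the caller notice and reject or resize.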