Your message dated Sat, 10 Dec 2005 23:26:21 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334880: still open?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Oct 2005 13:35:16 +0000
>From [EMAIL PROTECTED] Thu Oct 20 06:35:16 2005
Return-path: <[EMAIL PROTECTED]>
Received: from m1.informatik.uni-bremen.de (informatik.uni-bremen.de) 
[134.102.201.18] (root)
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1ESaZg-0004wp-00; Thu, 20 Oct 2005 06:35:16 -0700
Received: from x07.informatik.uni-bremen.de (x07.informatik.uni-bremen.de 
[IPv6:2001:638:708:30c9:20e:a6ff:fe79:f8d])
        by informatik.uni-bremen.de (8.13.4/8.13.2) with ESMTP id j9KDZDgb028988
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <[EMAIL PROTECTED]>; Thu, 20 Oct 2005 15:35:13 +0200 (CEST)
Received: (from [EMAIL PROTECTED])
        by x07.informatik.uni-bremen.de (8.13.1/8.12.8/Submit) id j9KDZDZr005406
        for [EMAIL PROTECTED]; Thu, 20 Oct 2005 15:35:13 +0200
Date: Thu, 20 Oct 2005 15:35:13 +0200
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ethereal 0.10.13 fixes lots of vulnerabilities
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Virus-Scanned: by amavisd-new
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: ethereal
Version: 0.10.12-6
Severity: grave
Tags: security
Justification: user security hole

As usual, ethereal 0.10.13 fixes lots of vulnerabilities; most of them are only denial-of-service, but some can lead to execution of arbitrary code.

Affecting only sid:
     o The ISAKMP dissector could exhaust system memory. Versions affected: 0.10.11 to 0.10.12.
     o The SigComp UDVM could go into an infinite loop or crash. Versions affected: 0.10.12.
     o The ACSE dissector was susceptible to infinite recursion. Versions affected: 0.10.12.

Affecting Sarge and sid:
     o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
     o The BER dissector was susceptible to an infinite loop. Versions affected: 0.10.3 to 0.10.12.
     o The SCSI dissector could dereference a null pointer and crash. Versions affected: 0.10.3 to 0.10.12.
     o The sFlow dissector could dereference a null pointer and crash. Versions affected: 0.9.14 to 0.10.12.
     o The RTnet dissector could dereference a null pointer and crash. Versions affected: 0.10.8 to 0.10.12.
     o If SMB transaction payload reassembly is enabled the SMB dissector could crash. This preference is disabled by default. Versions affected: 0.9.7 to 0.10.12.
     o The X11 dissector could attempt to divide by zero. Versions affected: 0.10.1 to 0.10.12.
     o The AgentX dissector could overflow a buffer. Versions affected: 0.10.10 to 0.10.12.
     o The WSP dissector could free an invalid pointer. Versions affected: 0.10.1 to 0.10.12.
     o The NCP dissector was susceptible to an infinite loop. Versions affected: 0.9.7 to 0.10.12.
     o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions affected: 0.10.0 to 0.10.12.

Affecting Woody, Sarge and sid:
     o The FC-FCS dissector could exhaust system memory. Versions affected: 0.9.0 to 0.10.12.
     o The RSVP dissector could exhaust system memory. Versions affected: 0.9.4 to 0.10.12.
     o The ISIS LSP dissector could exhaust system memory. Versions affected: 0.8.18 to 0.10.12.
     o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1 to 0.10.12.
     o If the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory. This option is disabled by default. Versions affected: 0.7.7 to 0.10.12.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
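
The bug classes listed in the report above (memory exhaustion, infinite loop, infinite recursion, null pointer dereference, divide by zero, buffer overflow) are the recurring failure modes of protocol dissectors that trust lengths, counts and divisors taken from the packet. The following C program is an added example, not code from the report or from ethereal, and it parses a hypothetical TLV format invented for the purpose (the element types, the `dissect` function, the limits such as `MAX_DEPTH` and the sample packets are all constructed). It shows the guard a dissector needs for each class: a declared length checked against the bytes actually present, a divisor tested before the division, a bounded recursion depth for nested elements, a loop that always makes progress, a check that state set by an earlier element exists before it is used, and a wire-derived size that must pass both a policy cap and the remaining packet length before it is allowed to drive an allocation or copy.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical TLV format constructed for this example (not a real ethereal dissector).
 * Element = type(1) len(2, big-endian) value(len). Types: 0x01 ratio (numerator(2), divisor(2)),
 * 0x02 list (nested elements), 0x03 name (bytes, used by 0x05), 0x04 table (entry count(4),
 * then count * ENTRY_SIZE bytes of entries), 0x05 echo (empty; copies the 0x03 name). */
enum { MAX_DEPTH = 8, MAX_ELEMENTS = 1024, ENTRY_SIZE = 32, MAX_TABLE_BYTES = 65536, NAME_MAX = 32 };

typedef struct {
    int elements, rejected;   /* dissected elements; guard failures (parsing stops at the first) */
    const uint8_t *name;      /* points into the packet once a 0x03 element was seen */
    size_t name_len;
    char echoed[NAME_MAX];    /* fixed-size destination written by 0x05 */
    uint32_t last_ratio;
} dissect_result;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static int reject(dissect_result *r) { r->rejected++; return -1; }

/* Returns 0 on success, -1 as soon as a guard fires. */
static int dissect(const uint8_t *buf, size_t len, int depth, dissect_result *r)
{
    size_t off = 0;
    if (depth > MAX_DEPTH) return reject(r);                /* nested lists: bound the recursion */
    while (off < len) {                                     /* each pass consumes >= 3 bytes: no zero-progress loop */
        if (len - off < 3) return reject(r);                /* header must fit */
        uint8_t type = buf[off];
        uint16_t vlen = rd16(buf + off + 1);
        off += 3;
        if (vlen > len - off) return reject(r);             /* declared length must fit the bytes present */
        if (r->elements >= MAX_ELEMENTS) return reject(r);  /* cap total work per packet */
        const uint8_t *val = buf + off;
        switch (type) {
        case 0x01:
            if (vlen != 4 || rd16(val + 2) == 0) return reject(r); /* divisor is wire data: test before dividing */
            r->last_ratio = rd16(val) / rd16(val + 2);
            break;
        case 0x02:
            if (dissect(val, vlen, depth + 1, r) < 0) return -1;
            break;
        case 0x03:
            if (vlen == 0 || vlen >= NAME_MAX) return reject(r); /* must fit the fixed buffer plus NUL */
            r->name = val; r->name_len = vlen;
            break;
        case 0x04: {
            if (vlen != 4) return reject(r);
            uint64_t bytes = (uint64_t)rd32(val) * ENTRY_SIZE;   /* 64-bit product: cannot wrap */
            /* a size taken from the wire passes a policy cap and the bytes actually remaining
             * before it is allowed to drive an allocation or a copy */
            if (bytes > MAX_TABLE_BYTES || bytes > len - off - vlen) return reject(r);
            off += (size_t)bytes;                           /* entries validated; skipped here */
            break;
        }
        case 0x05:
            if (r->name == NULL) return reject(r);          /* state from an earlier element may be absent */
            memcpy(r->echoed, r->name, r->name_len);
            r->echoed[r->name_len] = '\0';
            break;
        default: break;                                     /* unknown type: skip by declared length */
        }
        off += vlen;
        r->elements++;
    }
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t PKT_OK[] = {
    0x03,0x00,0x03,'s','m','b',  0x01,0x00,0x04,0x00,0x64,0x00,0x04,    /* name "smb"; ratio 100/4 */
    0x02,0x00,0x07,0x01,0x00,0x04,0x00,0x09,0x00,0x03,  0x05,0x00,0x00 }; /* list{ratio 9/3}; echo */
static const uint8_t PKT_DIV0[]  = { 0x01,0x00,0x04,0x00,0x07,0x00,0x00 }; /* divisor 0 */
static const uint8_t PKT_LONG[]  = { 0x03,0x00,0x40,'a','b' };             /* claims 64 bytes, carries 2 */
static const uint8_t PKT_ECHO[]  = { 0x05,0x00,0x00 };                     /* echo before any name */
static const uint8_t PKT_TABLE[] = { 0x04,0x00,0x04,0x00,0x00,0x10,0x00 }; /* 4096 entries, none present */

/* Element count on success, -1 if a guard fired; *r receives the parsed state. */
static int dissect_count(const uint8_t *p, size_t n, dissect_result *r)
{
    memset(r, 0, sizeof *r);
    return dissect(p, n, 0, r) == 0 ? r->elements : -1;
}
/* 1 if a guard refuses the packet, 0 if it dissects cleanly. */
static int guard_rejects(const uint8_t *p, size_t n)
{
    dissect_result r;
    return dissect_count(p, n, &r) < 0 && r.rejected > 0;
}
/* Wraps one ratio element in `wrappers` nested lists to probe the depth limit. */
static int deep_nesting_rejected(int wrappers)
{
    static const uint8_t ratio[] = { 0x01,0x00,0x04,0x00,0x01,0x00,0x01 };
    uint8_t buf[3 * 64 + sizeof ratio];
    if (wrappers < 0 || wrappers > 64) return -1;
    for (int i = 0; i < wrappers; i++) {                    /* outermost first; each header spans all that follows */
        uint16_t inner = (uint16_t)(sizeof ratio + 3 * (wrappers - 1 - i));
        buf[3 * i] = 0x02; buf[3 * i + 1] = (uint8_t)(inner >> 8); buf[3 * i + 2] = (uint8_t)inner;
    }
    memcpy(buf + 3 * wrappers, ratio, sizeof ratio);
    return guard_rejects(buf, 3 * (size_t)wrappers + sizeof ratio);
}
```

`dissect_count(PKT_OK, ...)` returns 5 with the nested ratio 9/3 and the echoed name "smb", while each malformed packet and a 12-deep nesting are refused by exactly the guard named in the comment. The design point is that every value read from the packet (length, divisor, count, nesting) is checked against what the buffer actually contains before it influences a copy, a division, a recursion or a loop bound; the real dissectors in the report above each lacked one of these checks.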

---------------------------------------
Received: (at 334880-done) by bugs.debian.org; 10 Dec 2005 22:26:23 +0000
>From [EMAIL PROTECTED] Sat Dec 10 14:26:23 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cytise.entrouvert.com ([84.207.4.3] helo=mail.entrouvert.be)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1ElDAd-0003fU-Oe
        for [EMAIL PROTECTED]; Sat, 10 Dec 2005 14:26:23 -0800
Received: from 217-117-57-59.teledisnet.be ([217.117.57.59] helo=trap)
        by mail.entrouvert.be with asmtp (Exim)
        (TLSv1:DES-CBC3-SHA:168)
        id 1ElDAX-0007Yj-00; Sat, 10 Dec 2005 23:26:17 +0100
Received: from fred by trap with local (Exim 4.60)
        (envelope-from <[EMAIL PROTECTED]>)
        id 1ElDAb-0005Tl-Ud; Sat, 10 Dec 2005 23:26:21 +0100
Date: Sat, 10 Dec 2005 23:26:21 +0100
From: Frederic Peters <[EMAIL PROTECTED]>
To: Joey Hess <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Cc: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Subject: Re: Bug#334880: still open?
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-Operating-System: Debian GNU/Linux (testing/unstable with kernel Linux 2.6.14)
X-Uptime: 23:20:04 up  6:13,  9 users,  load average: 0.20, 0.45, 0.47
User-Agent: mutt-ng/devel-r622 (Debian)
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
        HAS_PACKAGE,RCVD_IN_SORBS autolearn=ham 
        version=2.60-bugs.debian.org_2005_01_02

Package: ethereal
Version: 0.10.13-1

> What's the status of this set of holes now that 0.10.13-1 is uploaded?

Oops, thanks for the reminder, and sorry since I forgot to notify the
security team about this.  Holes are fixed in 0.10.13-1; fixes should
be backported to sarge (and woody).

Unfortunately, tomorrow I'm going back to the country where I don't
have enough internet connectivity to do serious work for Debian;
zero-day NMUs are still welcome for all of my packages.


Regards,

        Frederic

