Your message dated Mon, 26 Mar 2007 00:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#416038: fixed in nas 1.8-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nas
Tags: security
Severity: grave
Several bugs in the Network Audio System have been disclosed:
<http://aluigi.altervista.org/adv/nasbugs-adv.txt>
The CVE project has assigned the names CVE-2007-1543, CVE-2007-1544,
CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547 to these
vulnerabilities. Please mention them in the changelog when fixing the
bugs.
--- End Message ---
--- Begin Message ---
Source: nas
Source-Version: 1.8-4
We believe that the bug you reported is fixed in the latest version of
nas, which is due to be installed in the Debian FTP archive:
libaudio-dev_1.8-4_i386.deb
to pool/main/n/nas/libaudio-dev_1.8-4_i386.deb
libaudio2_1.8-4_i386.deb
to pool/main/n/nas/libaudio2_1.8-4_i386.deb
nas-bin_1.8-4_i386.deb
to pool/main/n/nas/nas-bin_1.8-4_i386.deb
nas-doc_1.8-4_all.deb
to pool/main/n/nas/nas-doc_1.8-4_all.deb
nas_1.8-4.diff.gz
to pool/main/n/nas/nas_1.8-4.diff.gz
nas_1.8-4.dsc
to pool/main/n/nas/nas_1.8-4.dsc
nas_1.8-4_i386.deb
to pool/main/n/nas/nas_1.8-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <[EMAIL PROTECTED]> (supplier of updated nas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 26 Mar 2007 00:29:10 +0100
Source: nas
Binary: nas-doc libaudio-dev nas libaudio2 nas-bin
Architecture: source i386 all
Version: 1.8-4
Distribution: unstable
Urgency: high
Maintainer: Steve McIntyre <[EMAIL PROTECTED]>
Changed-By: Steve McIntyre <[EMAIL PROTECTED]>
Description:
libaudio-dev - The Network Audio System (NAS). (development files)
libaudio2 - The Network Audio System (NAS). (shared libraries)
nas - The Network Audio System (NAS). (local server)
nas-bin - The Network Audio System (NAS). (client binaries)
nas-doc - The Network Audio System (NAS). (extra documentation)
Closes: 416038
Changes:
nas (1.8-4) unstable; urgency=high
.
* High-urgency upload to fix multiple security holes (CVE-2007-1543,
CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
+ accept_att_local buffer overflow through USL connection
+ server termination through unexistent ID in AddResource
+ bcopy crash caused by integer overflow in ProcAuWriteElement
+ invalid memory pointer caused by big num_actions in
ProcAuSetElements
+ another invalid memory pointer caused by big num_actions in
ProcAuSetElements
+ invalid memory pointer in compileInputs
+ exploits bug 3 in read mode (requires something playing on
the server)
+ NULL pointer caused by too much connections
+ Closes: #416038
Files:
9aa8fa5e47bd1b7281ffd77f30c0a7f2 715 sound optional nas_1.8-4.dsc
7f9a5cdfeb39b3ec36f2314ecea87214 488564 sound optional nas_1.8-4.diff.gz
5fb310aeef5d5c0ad65aa0887f6e9bb7 151780 doc extra nas-doc_1.8-4_all.deb
fe56bf4843b5396ab9044799d2ffa6e5 101526 sound optional nas_1.8-4_i386.deb
e1035ce0a66ed2022f169e8cbfb6057e 496384 sound extra nas-bin_1.8-4_i386.deb
43d0541380860eb26ad07bcd212680e5 73426 libs optional libaudio2_1.8-4_i386.deb
7776942340fedf8506f54e7b0d519e5b 1102850 libdevel optional
libaudio-dev_1.8-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGBw4lfDt5cIjHwfcRAuAwAJ42f/Xy6bwZS8kuEQtCIBlKrR0m1gCfTxAY
DVm88GcYyYweSjlbNUDu8YQ=
=nmeb
-----END PGP SIGNATURE-----
--- End Message ---
