Your message dated Mon, 23 Jan 2012 10:49:26 +0000
with message-id <e1rphso-0002v4...@franck.debian.org>
and subject line Bug#656581: fixed in usbmuxd 1.0.7-2
has caused the Debian Bug report #656581,
regarding usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
656581: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656581
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: usbmuxd
Version: 1.0.7-1
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi,

a buffer overflow was introduced in usbmuxd 1.0.7. More information can
be found on various sources:

http://openwall.com/lists/oss-security/2012/01/19/25
https://secunia.com/advisories/47545/
https://bugs.gentoo.org/show_bug.cgi?id=399409

and a patch is available at
http://git.marcansoft.com/?p=usbmuxd.git;a=commit;
h=f794991993af56a74795891b4ff9da506bc893e6

Regards,
-- 
Yves-Alexis                                           

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages usbmuxd depends on:
ii  adduser       3.113
ii  libc6         2.13-24
ii  libplist1     1.8-1
ii  libusb-1.0-0  2:1.0.9~rc3-3
ii  libusbmuxd1   1.0.7-1

usbmuxd recommends no packages.

usbmuxd suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: usbmuxd
Source-Version: 1.0.7-2

We believe that the bug you reported is fixed in the latest version of
usbmuxd, which is due to be installed in the Debian FTP archive:

libusbmuxd-dev_1.0.7-2_amd64.deb
  to main/u/usbmuxd/libusbmuxd-dev_1.0.7-2_amd64.deb
libusbmuxd1-dbg_1.0.7-2_amd64.deb
  to main/u/usbmuxd/libusbmuxd1-dbg_1.0.7-2_amd64.deb
libusbmuxd1_1.0.7-2_amd64.deb
  to main/u/usbmuxd/libusbmuxd1_1.0.7-2_amd64.deb
usbmuxd_1.0.7-2.debian.tar.gz
  to main/u/usbmuxd/usbmuxd_1.0.7-2.debian.tar.gz
usbmuxd_1.0.7-2.dsc
  to main/u/usbmuxd/usbmuxd_1.0.7-2.dsc
usbmuxd_1.0.7-2_amd64.deb
  to main/u/usbmuxd/usbmuxd_1.0.7-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Lavergne <julien.laver...@gmail.com> (supplier of updated usbmuxd 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jan 2012 22:49:38 +0100
Source: usbmuxd
Binary: usbmuxd libusbmuxd1 libusbmuxd-dev libusbmuxd1-dbg
Architecture: source amd64
Version: 1.0.7-2
Distribution: unstable
Urgency: high
Maintainer: gtkpod Maintainers <pkg-gtkpod-de...@lists.alioth.debian.org>
Changed-By: Julien Lavergne <julien.laver...@gmail.com>
Description: 
 libusbmuxd-dev - USB multiplexor daemon for iPhone and iPod Touch devices - 
devel
 libusbmuxd1 - USB multiplexor daemon for iPhone and iPod Touch devices - librar
 libusbmuxd1-dbg - USB multiplexor daemon for iPhone and iPod Touch devices - 
debug
 usbmuxd    - USB multiplexor daemon for iPhone and iPod Touch devices
Closes: 656581
Changes: 
 usbmuxd (1.0.7-2) unstable; urgency=high
 .
   * debian/control:
    - Update Maintainer field, and add me to Uploaders.
    - Update Vcs-*.
   * debian/patches/90-cve-2012-0065.patch:
    - From upstream, fix possible buffer overflow (CVE-2012-0065).
      Closes: #656581
Checksums-Sha1: 
 886e596de9d4f012313da6d8809e234aeec1683c 2192 usbmuxd_1.0.7-2.dsc
 09f8d4773cb2af9777dd2bc7b9a4fe1d95258771 6241 usbmuxd_1.0.7-2.debian.tar.gz
 4d4e9d5ef6dda4771041e1f30ddc1b659a68f67b 38856 usbmuxd_1.0.7-2_amd64.deb
 6bac1fb5e704904f468b4bd60adb2d00e267a4bb 14240 libusbmuxd1_1.0.7-2_amd64.deb
 e36c43e6a92220c5a11e226f352bb75732cc3456 6028 libusbmuxd-dev_1.0.7-2_amd64.deb
 c8a0af311aa6d614d408f13e1b1b413ca3a8e0fe 10368 
libusbmuxd1-dbg_1.0.7-2_amd64.deb
Checksums-Sha256: 
 bab7e35118c984f60d11952fb1c226e4c7d58dea0fc4f2ae544ff3520874deab 2192 
usbmuxd_1.0.7-2.dsc
 aef9aab647e6e283435807000d5f521b9266ee40685562b9f052f45c72034098 6241 
usbmuxd_1.0.7-2.debian.tar.gz
 034625b023dafbec5b4695b685b10b38bd5724630fbe15b3f4f6721d9144cf3d 38856 
usbmuxd_1.0.7-2_amd64.deb
 e1c3906f9a0667ae382486d5b2fe341c977eeff45f4119c5addff0638f824feb 14240 
libusbmuxd1_1.0.7-2_amd64.deb
 0642c7f0ff16e66b156fbe9c152d827cd41b4981e82a1156b21fce5db5b672f2 6028 
libusbmuxd-dev_1.0.7-2_amd64.deb
 a539a638b1000ffb3e7a3f49ab73c73dd9e930a27ad4e4dccd1e120c38212e9a 10368 
libusbmuxd1-dbg_1.0.7-2_amd64.deb
Files: 
 bea012d09511e07cbf6689d4b5e62d17 2192 utils optional usbmuxd_1.0.7-2.dsc
 8db81c1e56ac8e7798ca1905a698ab59 6241 utils optional 
usbmuxd_1.0.7-2.debian.tar.gz
 0aca46b67eb367e5fd8a65c0e9404bbb 38856 utils optional usbmuxd_1.0.7-2_amd64.deb
 bd60898d9c268ab3b846429fea6c6a42 14240 libs optional 
libusbmuxd1_1.0.7-2_amd64.deb
 6de168f8efc89312a130d872ab85f440 6028 libdevel optional 
libusbmuxd-dev_1.0.7-2_amd64.deb
 1bdfd975b5e81f4a1f9c2141cdd1060a 10368 debug extra 
libusbmuxd1-dbg_1.0.7-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJPHTanAAoJEDBVD3hx7wuo7GgP/2tM9d5VHxZbFJ54j6tMezRp
H9KwpPwfLo0GQ8s6DlPnNU7O5PP0k0HRoys/QoNhmqnLoe3bwbpWh58xz8zcEy2p
t1KFOh7aly6muudep6j/McuAVIMo0oij6jkczhJVV+29BjxHVyR06byjp4tYAXLA
K6TAekA5I3y2TbhZbTzKlchUWhRM8gETN2qbq8WEQMDNkQOkUBnScQlzSLqr1Atz
PnZOIG3iFvNKpJD+TZieC2W95O8yQX7JqU8uMjzM+Gc1UNxJKtMLsr1Laubq4k5t
avRlqFShrQGro4NI5wzaNC6fotMKe5DhSqRhEi0y1ET1Kak9/8uG4ncbX4dqpNEF
wX3Q7VHKxpH9NVTKxYliH3zhofzTbc7nyJCLK8P2FIXrIoDsJ7Vl4fIFbQrtMEBV
MuCeSeENRsTma/u2yENwOsBNZwfLlpbRHJChfqA0Epv1WAsCQV2l1Rd4pIaGX6Xn
rzG0hOgacuqdgLrnLkxYmcIhY5DCNA5PIFcKrvSBSCoO9UAwL3s0aS3OQ2hvONOh
6lhn1akd2LsR0TTzIGGdQIC0YYzUnK0QpTedAj+4XHrvlg00BBdphbWbIqXvy2rO
zWh23ty0aWHvD6zZLi9HkCx57pXivVaqOU6VA7Vc9kE0RkVbu7vLrcDkR82vEI/T
CWjaN7yZ4zXI1vKvtvaP
=KI/f
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to