Bug#834502: marked as done (cracklib2: CVE-2016-6318: Stack-based buffer overflow when parsing large GECOS field)

[Debian Bug Tracking System]

Your message dated Tue, 23 Aug 2016 17:20:16 +0000
with message-id <e1bcfn2-000308...@franck.debian.org>
and subject line Bug#834502: fixed in cracklib2 2.9.2-2
has caused the Debian Bug report #834502,
regarding cracklib2: CVE-2016-6318: Stack-based buffer overflow when parsing 
large GECOS field
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
834502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: cracklib2
Version: 2.9.2-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for cracklib2.

CVE-2016-6318[0]:
Stack-based buffer overflow when parsing large GECOS field

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6318

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: cracklib2
Source-Version: 2.9.2-2

We believe that the bug you reported is fixed in the latest version of
cracklib2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 834...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Dittberner <ja...@debian.org> (supplier of updated cracklib2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Aug 2016 18:50:44 +0200
Source: cracklib2
Binary: libcrack2 libcrack2-udeb libcrack2-dev cracklib-runtime python-cracklib 
python3-cracklib
Architecture: source amd64
Version: 2.9.2-2
Distribution: unstable
Urgency: medium
Maintainer: Jan Dittberner <ja...@debian.org>
Changed-By: Jan Dittberner <ja...@debian.org>
Description:
 cracklib-runtime - runtime support for password checker library cracklib2
 libcrack2  - pro-active password checker library
 libcrack2-dev - pro-active password checker library - development files
 libcrack2-udeb - pro-active password checker library (udeb)
 python-cracklib - Python bindings for password checker library cracklib2
 python3-cracklib - Python3 bindings for password checker library cracklib2
Closes: 834502
Changes:
 cracklib2 (2.9.2-2) unstable; urgency=medium
 .
   * Fix "CVE-2016-6318: Stack-based buffer overflow when parsing large
     GECOS field" by applying patch by Salvatore Bonaccorso (Closes: #834502)
Checksums-Sha1:
 e3a03630da91ce41719c17cc736d4745158aef2d 2095 cracklib2_2.9.2-2.dsc
 311f5e948e90e35c5fb799dbed6ae7fb9ae93123 25532 cracklib2_2.9.2-2.debian.tar.xz
 b71f1a2076df355afeb66ffea5fbc52ea048b404 10462 
cracklib-runtime-dbgsym_2.9.2-2_amd64.deb
 4758d4d563b400d268251995964b357cfa8e3f59 148068 
cracklib-runtime_2.9.2-2_amd64.deb
 6bbd91ef57dbbb5d643b144a3917ad5c4b61fea2 21458 
libcrack2-dbgsym_2.9.2-2_amd64.deb
 99a77c8f1663dd37045dc1a0362b0fca2ba00756 31280 libcrack2-dev_2.9.2-2_amd64.deb
 be1d1c2ddecd71927fe3fbd8ed302bf4420a8d3e 120268 
libcrack2-udeb_2.9.2-2_amd64.udeb
 6d9ba28966b4fd062a97890dc7000452aad3841a 54490 libcrack2_2.9.2-2_amd64.deb
 de65313c30da52ca86816237db111d467d722a67 13110 
python-cracklib-dbgsym_2.9.2-2_amd64.deb
 bda08b43cdd8e4a930d6c21694bb3a3dfddf6d31 22858 
python-cracklib_2.9.2-2_amd64.deb
 ee305365a0ded2e991c89264dfd9f6e3aa250a2c 14082 
python3-cracklib-dbgsym_2.9.2-2_amd64.deb
 507a0497d5111cbc65d4fcd1d458b73db5c2645f 22906 
python3-cracklib_2.9.2-2_amd64.deb
Checksums-Sha256:
 02206403c53973e4f04e692876db7e2cf83b55b59eaba82690702197be758ba8 2095 
cracklib2_2.9.2-2.dsc
 d85b0bb75ab7ebfae1b87c79458ac1bc35587a2b758376b09e7c59ad852de3b0 25532 
cracklib2_2.9.2-2.debian.tar.xz
 197845e8e416a31e77f4f8f6d88f6a9b4cefaec3bd1048f4db32e36123eb135d 10462 
cracklib-runtime-dbgsym_2.9.2-2_amd64.deb
 9973229da6586a8c0776a77440486a4db4ed0eab1b7a3a970967501b3662750b 148068 
cracklib-runtime_2.9.2-2_amd64.deb
 f11d54bdf583143f7c6811a71a658ec24b9f9d17462ed557fc3fef714cdd227e 21458 
libcrack2-dbgsym_2.9.2-2_amd64.deb
 c462ff58ca36a132416ef594094c4d7acd3eb5f36ca74644baa85912aafb8eda 31280 
libcrack2-dev_2.9.2-2_amd64.deb
 6a0f0af34e1d631a08aa43d4e28d62c2ccfb1a6a0ba61e9d6f9e85607fb99211 120268 
libcrack2-udeb_2.9.2-2_amd64.udeb
 3084aa185131350b87cba95ecaba16e100cf6215e6c56b04e3ba632dfd6cba81 54490 
libcrack2_2.9.2-2_amd64.deb
 9bfab1cca1f6dbdf3f2e9a6afabaecf9a95561928df23747e19d8c0356542ef4 13110 
python-cracklib-dbgsym_2.9.2-2_amd64.deb
 ef353577feed10e6857d9c75f076d370621387976738120bcd3060adc10f451e 22858 
python-cracklib_2.9.2-2_amd64.deb
 4b9712f91ea2bab905c672b312f8618c9b398994c469e6de00cfee81e0292ef7 14082 
python3-cracklib-dbgsym_2.9.2-2_amd64.deb
 92738f003b23609ef856366f38e4ec8031b6c5c82fa157d26a80bdcf32ef69a4 22906 
python3-cracklib_2.9.2-2_amd64.deb
Files:
 13cd33e658295a327296c37f2fa858a8 2095 libs optional cracklib2_2.9.2-2.dsc
 5937e64da498cf33a6b5966b05b40b56 25532 libs optional 
cracklib2_2.9.2-2.debian.tar.xz
 65eb8ef91b29db83c41a18138b6dd6d2 10462 debug extra 
cracklib-runtime-dbgsym_2.9.2-2_amd64.deb
 635ba03b322a9570adc64e96e9e3112a 148068 admin optional 
cracklib-runtime_2.9.2-2_amd64.deb
 5e4b3cea98b5068b49b994c1ff280ce2 21458 debug extra 
libcrack2-dbgsym_2.9.2-2_amd64.deb
 94cec0c21432bccff603deb54fe48e02 31280 libdevel extra 
libcrack2-dev_2.9.2-2_amd64.deb
 6e90c9ef3b75ec21786b99429861f2ef 120268 debian-installer optional 
libcrack2-udeb_2.9.2-2_amd64.udeb
 fd1c40fa4917348864bbcc5582f2d4f4 54490 libs optional 
libcrack2_2.9.2-2_amd64.deb
 ce60b0003b803f43561097dad42ee326 13110 debug extra 
python-cracklib-dbgsym_2.9.2-2_amd64.deb
 e3acea1ef83e967ee82995e64204d8fd 22858 python optional 
python-cracklib_2.9.2-2_amd64.deb
 91ca66dfdaeb044b2ea47446f8a58e39 14082 debug extra 
python3-cracklib-dbgsym_2.9.2-2_amd64.deb
 468e7719d99b9ced1ce1724079c7d67d 22906 python optional 
python3-cracklib_2.9.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCgAGBQJXvIBiAAoJEA15HcjXN8HZ5A8IAJaAY902mA/LTjZv3u4tfJkI
MdRbiafi3NrIw0A9UKO8SwdnbauvUCJ6h8ngAA4rF+7cilJy/6gGsP2LDa95rNpK
3umaQfi5VAj3KjcNlS1X3mA2l2fiqz2ml85WOX0aTyFFFyqNofbwHwL0gqiev+il
uHu2nyjzO3HiSAJwRaKKSpUG/1D7cdS3c0/kuYcLDiVsJmyeH4bAGgNh3g2VesGf
K7ukihrT0XwMRBUi+K8CL6W6G2wMWmV5Jp2vmOM9bygCD9BPsGOlodklytSpzANw
naG/wEPiXZOrADVQScopdiJesO4IROCdiPZIwDNvSL8tGbtUvN1QsaXcRp8/nhs=
=7nnb
-----END PGP SIGNATURE-----

--- End Message ---