[Pkg-kde-extras] Bug#768191: marked as done (CVE-2014-8483: konversation: out-of-bounds read issue)
Your message dated Fri, 07 Nov 2014 23:17:06 + with message-id
and subject line Bug#768191: fixed in konversation 1.4-1+deb7u1
has caused the Debian Bug report #768191,
regarding CVE-2014-8483: konversation: out-of-bounds read issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
768191: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: konversation
Version: 1.5-1
Severity: important

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

(Description copied from http://bugs.quassel-irc.org/issues/1314)

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages konversation depends on:
ii  kde-runtime        4:4.14.2-1
ii  kdepim-runtime     4:4.14.2-1
ii  konversation-data  1.5-1
ii  libc6              2.19-12
ii  libgcc1            1:4.9.1-19
ii  libkabc4           4:4.14.2-1
ii  libkde3support4    4:4.14.2-3
ii  libkdecore5        4:4.14.2-3
ii  libkdeui5          4:4.14.2-3
ii  libkemoticons4     4:4.14.2-3
ii  libkidletime4      4:4.14.2-3
ii  libkio5            4:4.14.2-3
ii  libknotifyconfig4  4:4.14.2-3
ii  libkparts4         4:4.14.2-3
ii  libkresources4     4:4.14.2-1
ii  libnepomuk4        4:4.14.2-3
ii  libnepomukutils4   4:4.14.2-3
ii  libphonon4         4:4.8.0-3
ii  libqca2            2.0.3-6
ii  libqt4-dbus        4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-network     4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-qt3support  4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-svg         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-xml         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtcore4         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtgui4          4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libsolid4          4:4.14.2-3
ii  libsoprano4        2.9.4+dfsg-1.1
ii  libstdc++6         4.9.1-19
ii  phonon             4:4.8.0-3

konversation recommends no packages.

konversation suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: konversation
Source-Version: 1.4-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Nov 2014 11:03:31 -0800
Source: konversation
Binary: konversation konversation-data konversation-dbg
Architecture: source amd64 all
Version: 1.4-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian KDE Extras Team
Changed-By: Salvatore Bonaccorso
Description:
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
 konversation-dbg - debugging symbols for Konversation
Closes: 768191
Changes:
 konversation (1.4-1+deb7u1) wheezy-security; urgency=high
 .
   * Backport fix for CVE-2014-8483 in cve-2014-8483.patch
     See https://security-tracker.debian.org/tracker/CVE-2014-8483
     (Closes: #768191)
Checksums-Sha1:
 10a4b285550334c2130a8af7e99eef5158a71713 2235 konversation_1.4-1+deb7u1.dsc
 90741721f68a02d4345b9006a8ae53bc49ef3777 2902368 konversation_1.4.orig.tar.xz
 8b0250a0c0341804f2921430a143cee8c31b673a 29702 konversation_1.4-1+deb7u1.debian.tar.gz
 454ba7e206b6268e425017950c30b1dd159f2dc4 1020982 konversation_1.4-1+deb7u1_amd64.deb
 16bb34c97e0904e21ab697944c079cf2e045de6b 4082470 konversation-data_1.4-

[Pkg-kde-extras] Bug#768191: marked as done (CVE-2014-8483: konversation: out-of-bounds read issue)
Your message dated Wed, 05 Nov 2014 22:04:17 + with message-id
and subject line Bug#768191: fixed in konversation 1.5-2
has caused the Debian Bug report #768191,
regarding CVE-2014-8483: konversation: out-of-bounds read issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
768191: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: konversation
Version: 1.5-1
Severity: important

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

(Description copied from http://bugs.quassel-irc.org/issues/1314)

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages konversation depends on:
ii  kde-runtime        4:4.14.2-1
ii  kdepim-runtime     4:4.14.2-1
ii  konversation-data  1.5-1
ii  libc6              2.19-12
ii  libgcc1            1:4.9.1-19
ii  libkabc4           4:4.14.2-1
ii  libkde3support4    4:4.14.2-3
ii  libkdecore5        4:4.14.2-3
ii  libkdeui5          4:4.14.2-3
ii  libkemoticons4     4:4.14.2-3
ii  libkidletime4      4:4.14.2-3
ii  libkio5            4:4.14.2-3
ii  libknotifyconfig4  4:4.14.2-3
ii  libkparts4         4:4.14.2-3
ii  libkresources4     4:4.14.2-1
ii  libnepomuk4        4:4.14.2-3
ii  libnepomukutils4   4:4.14.2-3
ii  libphonon4         4:4.8.0-3
ii  libqca2            2.0.3-6
ii  libqt4-dbus        4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-network     4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-qt3support  4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-svg         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-xml         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtcore4         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtgui4          4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libsolid4          4:4.14.2-3
ii  libsoprano4        2.9.4+dfsg-1.1
ii  libstdc++6         4.9.1-19
ii  phonon             4:4.8.0-3

konversation recommends no packages.

konversation suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: konversation
Source-Version: 1.5-2

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Diane Trout (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Nov 2014 22:47:53 +0100
Source: konversation
Binary: konversation konversation-data konversation-dbg
Architecture: source all
Version: 1.5-2
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team
Changed-By: Diane Trout
Description:
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
 konversation-dbg - debugging symbols for Konversation
Closes: 768191
Changes:
 konversation (1.5-2) unstable; urgency=medium
 .
   * Backport fix for CVE-2014-8483 in cve-2014-8483.patch
     See https://security-tracker.debian.org/tracker/CVE-2014-8483
     (Closes: #768191)
Checksums-Sha1:
 7078a68fd4cff676cc1647aa1889b019532ba880 2239 konversation_1.5-2.dsc
 3464adc2a071d1c291e1670018e65134e7cf30e6 26604 konversation_1.5-2.debian.tar.xz
 0f5eb1a083204f3b2d9a34c283abc5e9c6717197 3029346 konversation-data_1.5-2_all.deb
Checksums-Sha256:
 d39b8b4dd21c748ba13301c455fb4f6cc52bd8eeca6e030bd69e9ee873ccdae8 2239 konversation_1.5-2.dsc
 6d7007a522cc183ae1526edefed96ff2890310586dcb8284cf0d002258373444 26604 konversation_1.5-2.debian.tar.xz
 dc039b81bba3c64c8