Debian Bug report logs -
#546730
CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Tue, 15 Sep 2009 11:24:06 UTC
Severity: serious
Tags: lenny, security
Found in version xmp/2.0.4d-11
Fixed in version 2.6.1-1
Done: Gürkan Sengün <gurkan@phys.ethz.ch>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Gürkan Sengün <gurkan@phys.ethz.ch>:
Bug#546730; Package xmp.
(Tue, 15 Sep 2009 11:24:17 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Gürkan Sengün <gurkan@phys.ethz.ch>.
(Tue, 15 Sep 2009 11:24:17 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: xmp
Version: 2.0.4d-11
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to execute arbitrary code via an OXM file with a negative value, which
| bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in
| misc/oxm.c, leading to a buffer overflow.
This is already fixed in debian unstable.
Please coordinate with the security team (team@security.debian.org) to
prepare packages for the stable and oldstable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6731
http://security-tracker.debian.net/tracker/CVE-2007-6731
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqvdDoACgkQNxpp46476aot0gCeKr7w18XoPG1yyirwc2sfsnNC
88kAn3fVbLhhpWt8EgFAI/dvxWdrllp0
=WBlF
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Gürkan Sengün <gurkan@phys.ethz.ch>:
Bug#546730; Package xmp.
(Tue, 15 Sep 2009 11:42:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Gürkan Sengün <gurkan@phys.ethz.ch>.
(Tue, 15 Sep 2009 11:42:05 GMT) (full text, mbox, link).
Message #10 received at 546730@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
retitle 546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
tag 546730 lenny etch
fixed 546730 2.6.1-1
thanks
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to execute arbitrary code via an OXM file with a negative value, which
| bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in
| misc/oxm.c, leading to a buffer overflow.
CVE-2007-6732[1]:
| Multiple buffer overflows in the dtt_load function in
| loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier
| allow remote attackers to execute arbitrary code via unspecified
| vectors related to an untrusted length value and the (1) pofs and (2)
| plen arrays.
These are already fixed in Debian unstable.
Please coordinate with the security team (team@security.debian.org) to
prepare packages for the stable and oldstable releases.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6731
http://security-tracker.debian.net/tracker/CVE-2007-6731
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6732
http://security-tracker.debian.net/tracker/CVE-2007-6732
[signature.asc (application/pgp-signature, attachment)]
Changed Bug title to 'CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows' from 'CVE-2007-6732: Buffer overflow in DTT file loader'
Request was from Giuseppe Iuculano <giuseppe@iuculano.it>
to control@bugs.debian.org.
(Tue, 15 Sep 2009 11:42:07 GMT) (full text, mbox, link).
Added tag(s) etch and lenny.
Request was from Giuseppe Iuculano <giuseppe@iuculano.it>
to control@bugs.debian.org.
(Tue, 15 Sep 2009 11:42:08 GMT) (full text, mbox, link).
Bug Marked as fixed in versions 2.6.1-1.
Request was from Giuseppe Iuculano <giuseppe@iuculano.it>
to control@bugs.debian.org.
(Tue, 15 Sep 2009 11:42:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Gürkan Sengün <gurkan@phys.ethz.ch>:
Bug#546730; Package xmp.
(Wed, 23 Sep 2009 11:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to gurkan <gurkan@phys.ethz.ch>:
Extra info received and forwarded to list. Copy sent to Gürkan Sengün <gurkan@phys.ethz.ch>.
(Wed, 23 Sep 2009 11:39:04 GMT) (full text, mbox, link).
Message #21 received at 546730@bugs.debian.org (full text, mbox, reply):
Hello Claudio
Thank you very much. I will try it out and report my results.
I'm really bad with patching stuff and the like, would it be possible for
you
to provide a tarball of this version of xmp (2.0.4d and 2.5.1)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546730
to address the problems? That would be fantastic.
Yours,
Guerkan
> You can retrieve it from the sourceforge git, but I'm attaching a
> snapshot version just in case. I've just received some bug reports
> regarding builds in OSX and Solaris, but it seems that in Linux it is
> working well.
>
> Best regards,
> Claudio
>
>
> On Tue, Sep 22, 2009 at 10:51 AM, Gürkan Sengün <gurkan@phys.ethz.ch>
> wrote:
>> Hello Claudio
>>
>> Where can I get a xmp 3.x version to try? How's the 3.x going?
>>
>> Yours,
>> Guerkan
>>
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#546730; Package xmp.
(Thu, 28 Jan 2010 13:06:15 GMT) (full text, mbox, link).
Acknowledgement sent
to Gürkan Sengün <gurkan@phys.ethz.ch>:
Extra info received and forwarded to list.
(Thu, 28 Jan 2010 13:06:15 GMT) (full text, mbox, link).
Message #26 received at 546730@bugs.debian.org (full text, mbox, reply):
http://gnu.ethz.ch/debian/xmp/310/xmp_3.1.0-1.dsc
Removed tag(s) lenny.
Request was from Kurt Roeckx <kurt@roeckx.be>
to control@bugs.debian.org.
(Wed, 16 Feb 2011 20:12:15 GMT) (full text, mbox, link).
Removed tag(s) etch.
Request was from Axel Beckert <abe@debian.org>
to control@bugs.debian.org.
(Sun, 20 Feb 2011 10:40:07 GMT) (full text, mbox, link).
Added tag(s) lenny.
Request was from Axel Beckert <abe@debian.org>
to control@bugs.debian.org.
(Sun, 20 Feb 2011 10:40:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#546730; Package xmp.
(Mon, 13 Feb 2012 09:09:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Gürkan Sengün <gurkan@phys.ethz.ch>:
Extra info received and forwarded to list.
(Mon, 13 Feb 2012 09:09:14 GMT) (full text, mbox, link).
Message #37 received at 546730@bugs.debian.org (full text, mbox, reply):
didn't security support for oldstable end by the last monday? can this bug be
closed because of that?
yours,
gurkan
Reply sent
to Gürkan Sengün <gurkan@phys.ethz.ch>:
You have taken responsibility.
(Thu, 16 Feb 2012 11:27:04 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer.
(Thu, 16 Feb 2012 11:27:07 GMT) (full text, mbox, link).
Message #42 received at 546730-done@bugs.debian.org (full text, mbox, reply):
this is not relevant anymore.
gurkan
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 26 Mar 2012 07:34:51 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:29:26 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon