Debian Bug report logs -
#702282
CVE-2012-5621
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 4 Mar 2013 18:36:01 UTC
Severity: grave
Tags: security
Found in version ekiga/3.2.7-2
Fixed in versions ekiga/4.0.0-1, ekiga/3.2.7-6
Done: Sébastien Villemot <sebastien@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kilian Krause <kilian@debian.org>:
Bug#702282; Package ekiga.
(Mon, 04 Mar 2013 18:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kilian Krause <kilian@debian.org>.
(Mon, 04 Mar 2013 18:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: ekiga
Severity: grave
Tags: security
Please see http://marc.info/?l=oss-security&m=135458614417560&w=2
This is fixed in experimental, but suid/wheezy is unfixed.
Upstream fix:
http://git.gnome.org/browse/ekiga/commit/?id=7d09807257
Cheers,
Moritz
Marked as found in versions ekiga/3.2.7-2.
Request was from Sébastien Villemot <sebastien@debian.org>
to control@bugs.debian.org.
(Mon, 04 Mar 2013 21:48:08 GMT) (full text, mbox, link).
Marked as fixed in versions ekiga/4.0.0-1.
Request was from Sébastien Villemot <sebastien@debian.org>
to control@bugs.debian.org.
(Mon, 04 Mar 2013 21:48:09 GMT) (full text, mbox, link).
Reply sent
to Sébastien Villemot <sebastien@debian.org>:
You have taken responsibility.
(Mon, 04 Mar 2013 22:36:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Mon, 04 Mar 2013 22:36:04 GMT) (full text, mbox, link).
Message #14 received at 702282-close@bugs.debian.org (full text, mbox, reply):
Source: ekiga
Source-Version: 3.2.7-6
We believe that the bug you reported is fixed in the latest version of
ekiga, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 702282@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sébastien Villemot <sebastien@debian.org> (supplier of updated ekiga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 04 Mar 2013 22:38:45 +0100
Source: ekiga
Binary: ekiga ekiga-dbg
Architecture: source amd64
Version: 3.2.7-6
Distribution: unstable
Urgency: high
Maintainer: Kilian Krause <kilian@debian.org>
Changed-By: Sébastien Villemot <sebastien@debian.org>
Description:
ekiga - H.323 and SIP compatible VoIP client
ekiga-dbg - H.323 and SIP compatible VoIP client - debug symbols
Closes: 702282
Changes:
ekiga (3.2.7-6) unstable; urgency=high
.
* Team upload.
* debian/patches/validate-utf8-strings.patch: new patch, fixes crash
when the other party's names are not UTF-8 valid (CVE-2012-5621).
(Closes: #702282)
Checksums-Sha1:
06bc63e89973252ff3c36a685f3ea5900330a1b4 2473 ekiga_3.2.7-6.dsc
5310b33d92074140273b83e3e6d8528abf08fe7f 19546 ekiga_3.2.7-6.debian.tar.gz
c38bdab5b2f1ff5b90fb5823255cd67e701e9ffb 9220094 ekiga_3.2.7-6_amd64.deb
b335e0fabcd2089abfcd21ffd5bc1e86aa9f0817 9872200 ekiga-dbg_3.2.7-6_amd64.deb
Checksums-Sha256:
2ff01353913e5694e07ba5fbc726b923856844d8fba2fd9c0c8b599c620077bc 2473 ekiga_3.2.7-6.dsc
9dd82f3e92c8072c18339bb5cf2a910e86d56ea4da27a2cfc79199aa87c0d277 19546 ekiga_3.2.7-6.debian.tar.gz
2f075c4e9be4de751b60c8f67f883185ed67fa8b1e928ad5838464b36c7dfd2f 9220094 ekiga_3.2.7-6_amd64.deb
79026731fe732f8023031faa4d1436427f48d8bb27ae84dfde20201434cb7fde 9872200 ekiga-dbg_3.2.7-6_amd64.deb
Files:
be21e9e5291d2a13c23e98ef53285888 2473 gnome optional ekiga_3.2.7-6.dsc
300007163eeb44486a5065f200021f24 19546 gnome optional ekiga_3.2.7-6.debian.tar.gz
05ade3958a3d5f4fa1d11c13fca08afd 9220094 gnome optional ekiga_3.2.7-6_amd64.deb
4c41ff3f97f7b54932e6083fd18291b2 9872200 debug extra ekiga-dbg_3.2.7-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRNRufAAoJECzs6TUOzr5KGPYP/11ZYBkl/nc3i+YTt8wpxpzF
hSCobzFJNcHzNo6b2qbVUqh4V9gC0LqlO4JikmG/L3ebfPILsNHc33KORuudTAqQ
pe9YkMvmZNrRW9vVKK4x+5iR4xok79gey8hOSWPpjQmeDyU/xmaBQwbIVztBwqJv
VNHPF18wsJS+bJN+nvVRvr4LcuCDh//8h8uJazEi4r/J8kYdixFB+gJgv59DmpFI
2AysIZpKMWIaPcWAuSbyCyzKOksVz7Drro9rjfAMFyYlBd1Ou7yymmwL93QHwRxm
IFmjcL+PciBAUN3sv64k81YEQ/oBc3inXfdP4slPdixtdwDlTrNklZvL1+qjaUbc
Gjx8CuL397InQy6RbuMBDgjTTtxiBImm0fuBVWAj5tmsTUEqasp3J7WQnH2gMBaS
ppMEngHK4g4qQBchzSPqhbmfbm+JQ8CgBgTE/tNEV7PhH8yKAF6nPNw4LNOGSRXQ
eivlr/7azESvSN5kMa0TX/L25SGSY7vt3atGZHVVIRXQe/fmJvThJTm1k7pkRB04
vbZkHyJUm481yU34j6n5u46uGczsMThuIfWw6RTrR8ZVqyVCK4qJb7sHYgQ8jejl
Ti2OxrqzM4/ebHmW4tjnWK33EsvZCsMq2MMx42bIzcNzPmeSd+93NeigCOrNeQ4d
HlwuLkikdYKseb8OfNav
=ihu1
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 02 Jun 2013 08:21:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:12:45 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon