Debian Bug report logs -
#657217
bip: buffer overflow (CVE-2012-0806)
Reported by: Luciano Bello <luciano@debian.org>
Date: Tue, 24 Jan 2012 21:54:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions 0.8.8-2, 0.8.2-1squeeze4
Done: Simon McVittie <smcv@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>:
Bug#657217; Package bip.
(Tue, 24 Jan 2012 21:54:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>.
(Tue, 24 Jan 2012 21:54:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: bip
Severity: grave
Tags: security patch
The following vulnerability had been reported against bip:
https://projects.duckcorp.org/issues/269
The patch can be found here:
https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c
This bug is present in 0.8.8 and previous versions and, according to reporter,
remote execution of code should be possible.
Please use CVE-2012-0806 for this issue.
/luciano
Reply sent
to Simon McVittie <smcv@debian.org>:
You have taken responsibility.
(Sat, 03 Mar 2012 13:45:09 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Sat, 03 Mar 2012 13:45:09 GMT) (full text, mbox, link).
Message #10 received at 657217-done@bugs.debian.org (full text, mbox, reply):
Version: 0.8.8-2
On Tue, 24 Jan 2012 at 22:45:42 +0100, Luciano Bello wrote:
> Please use CVE-2012-0806 for this issue.
The maintainer appears to have fixed this in 0.8.8-2 before this bug
was opened, so I'm closing the bug with version-tracking.
Thanks,
S
Reply sent
to Simon McVittie <smcv@debian.org>:
You have taken responsibility.
(Sat, 03 Mar 2012 13:45:13 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Sat, 03 Mar 2012 13:45:13 GMT) (full text, mbox, link).
Message #15 received at 657217-done@bugs.debian.org (full text, mbox, reply):
Version: 0.8.2-1squeeze4
I wrote:
> On Tue, 24 Jan 2012 at 22:45:42 +0100, Luciano Bello wrote:
> > Please use CVE-2012-0806 for this issue.
>
> The maintainer appears to have fixed this in 0.8.8-2 before this bug
> was opened, so I'm closing the bug with version-tracking.
Likewise, but for stable-security.
Thanks,
S
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 01 Apr 2012 07:37:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:10:34 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon