Debian Bug report logs -
#840347
CVE-2016-4429
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 10 Oct 2016 19:39:02 UTC
Severity: grave
Tags: security, upstream
Found in version libtirpc/0.2.5-1
Fixed in version libtirpc/0.2.5-1.1
Done: Christian Hofstaedtler <zeha@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#840347; Package src:libtirpc.
(Mon, 10 Oct 2016 19:39:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>.
(Mon, 10 Oct 2016 19:39:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libtirpc
Severity: grave
Tags: security
libtirpc is affected by this vulnerability recently fixed in glibc:
https://security-tracker.debian.org/tracker/CVE-2016-4429
Cheers,
Moritz
Marked as found in versions libtirpc/0.2.5-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 11 Oct 2016 04:36:04 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 11 Oct 2016 04:36:06 GMT) (full text, mbox, link).
Reply sent
to Christian Hofstaedtler <zeha@debian.org>:
You have taken responsibility.
(Wed, 21 Dec 2016 22:54:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Wed, 21 Dec 2016 22:54:03 GMT) (full text, mbox, link).
Message #14 received at 840347-close@bugs.debian.org (full text, mbox, reply):
Source: libtirpc
Source-Version: 0.2.5-1.1
We believe that the bug you reported is fixed in the latest version of
libtirpc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 840347@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hofstaedtler <zeha@debian.org> (supplier of updated libtirpc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Dec 2016 22:12:21 +0000
Source: libtirpc
Binary: libtirpc-dev libtirpc1
Architecture: source
Version: 0.2.5-1.1
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Christian Hofstaedtler <zeha@debian.org>
Description:
libtirpc-dev - transport-independent RPC library - development files
libtirpc1 - transport-independent RPC library
Closes: 840347
Changes:
libtirpc (0.2.5-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2016-4429 (Closes: #840347)
* Standards-Version is now 3.9.8
* Update patch 05-hurd-port.diff as config.h is already deleted by
debhelper.
* Stop installing empty /usr/lib directory.
* Stop installing now empty postinst/postrm, as debhelper installs
an ldconfig trigger instead.
Checksums-Sha1:
49007f361418dc1771408b1bdf1d02ff5c49a761 1855 libtirpc_0.2.5-1.1.dsc
0f9b548a19e90391b7b96a5d6145fae24eee934e 13964 libtirpc_0.2.5-1.1.debian.tar.xz
Checksums-Sha256:
6663d49f48fb7040939ad4cb19941f05e4d27610d570f381de333e16c49b0547 1855 libtirpc_0.2.5-1.1.dsc
0eb5dfaedaf20f4bf7e69d501f4b3a102f967ad76308c6b8740e7d40d271063e 13964 libtirpc_0.2.5-1.1.debian.tar.xz
Files:
5a90da4e8941012c59122af7ec1fc5bd 1855 libs standard libtirpc_0.2.5-1.1.dsc
e00e7dc88e26869cfb470fefc1f3733d 13964 libs standard libtirpc_0.2.5-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlhbAmwACgkQXBPW25MF
LgM9/xAAhrUXDJxQs5AoZ9dGQeFcJkSYafizkdGgQwKQvNi49l3K9m8+ZcB7IKKk
w1g/0OVzM10xht/ekWBKyBsXHncJqXLYEdEN+w1nbil0QmryaAITlZoA2XJ+tf/r
PxrFSvao8nD2+NwnLzGqTSSwGliIwzEJnWWXxfEnkAJSwZxYGCsJIIGtZqPSarW8
ChdyoDQ0JWZXL/Hq4AN5l72fQnfsGhuIgSll3JIsK2cRwGxY2XSvF83JKEq1ajI1
p+KsA1jZ49laXwnpF3cC5drFe9Y3u5oHhu2tXpbgHTypa5avvXvDI2AoGXKW8QX4
NUTREqDt9tTosplGppUnoMNSHzx7XTrbKfgfZHqn5aKqYjB9TF663PdwnoczjQa2
gfvukVXOCBNqcKsa2BsRVhsPn1RztI9IyOH1icbQSbO2mhxa+dDKvs/fj5XQZDQn
bEkLMHZTcSY1IpOn/q/LBss8oelwdIeFyCyUUo0WTq00HCZBWdX9es2zERs/dY2S
NzSaK/yI/I9dLf9wzk/B83CQWyeUl2R0POBD5O/B8jdvAm8ucGlh5zMCBmgtTnp1
JWSJt+BJSbv5mEcNSrI6bLJwpCGPpd59DA17AJczzurIg4+WRrdLLPGVnz/qMO5a
QRi4JLQrO6sP0PXFt7ioijfJfxA9Iw0SQuQr7zQhCeDcc+jJw5U=
=WcQh
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 16 Jul 2017 07:41:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:22:00 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon