ettercap: CVE-2013-0722: stack-based buffer overflow when parsing hosts list

Related Vulnerabilities: CVE-2013-0722  

Debian Bug report logs - #697987

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 12 Jan 2013 14:24:02 UTC

Severity: important

Tags: security

Fixed in versions ettercap/1:0.7.5.1-2, ettercap/1:0.7.3-2.1+squeeze1

Done: bap@debian.org (Barak A. Pearlmutter)

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#697987; Package ettercap. (Sat, 12 Jan 2013 14:24:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Sat, 12 Jan 2013 14:24:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: submit@bugs.debian.org
Subject: ettercap: CVE-2013-0722: stack-based buffer overflow when parsing hosts list
Date: Sat, 12 Jan 2013 15:21:27 +0100
Package: ettercap
Severity: important
Tags: security

Hi,

the following vulnerability was published for ettercap.

CVE-2013-0722[0]:
stack-based buffer overflow when parsing hosts list

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0722
[1] http://marc.info/?s=CVE-2013-0722&l=oss-security
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0722

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to bap@debian.org (Barak A. Pearlmutter):
You have taken responsibility. (Mon, 14 Jan 2013 10:51:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 14 Jan 2013 10:51:09 GMT)


Message #10 received at 697987-close@bugs.debian.org:

From: bap@debian.org (Barak A. Pearlmutter)
To: 697987-close@bugs.debian.org
Subject: Bug#697987: fixed in ettercap 1:0.7.5.1-2
Date: Mon, 14 Jan 2013 10:47:31 +0000
Source: ettercap
Source-Version: 1:0.7.5.1-2

We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697987@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <bap@debian.org> (supplier of updated ettercap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Jan 2013 10:19:40 +0000
Source: ettercap
Binary: ettercap-common ettercap-text-only ettercap-graphical ettercap-dbg
Architecture: source amd64
Version: 1:0.7.5.1-2
Distribution: unstable
Urgency: low
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Barak A. Pearlmutter <bap@debian.org>
Description: 
 ettercap-common - Multipurpose sniffer/interceptor/logger for switched LAN
 ettercap-dbg - Debug symbols for Ettercap.
 ettercap-graphical - Ettercap GUI-enabled executable
 ettercap-text-only - Ettercap console-mode executable
Closes: 697987
Changes: 
 ettercap (1:0.7.5.1-2) unstable; urgency=low
 .
   * merge upstream patch for CVE-2013-0722 a stack-based buffer overflow
     when parsing hosts list (closes: #697987)
   * merge upstream patch for clang compilation issue




Reply sent to bap@debian.org (Barak A. Pearlmutter):
You have taken responsibility. (Sat, 16 Feb 2013 18:06:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 16 Feb 2013 18:06:04 GMT)


Message #15 received at 697987-close@bugs.debian.org:

From: bap@debian.org (Barak A. Pearlmutter)
To: 697987-close@bugs.debian.org
Subject: Bug#697987: fixed in ettercap 1:0.7.3-2.1+squeeze1
Date: Sat, 16 Feb 2013 18:02:04 +0000
Source: ettercap
Source-Version: 1:0.7.3-2.1+squeeze1

We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697987@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <bap@debian.org> (supplier of updated ettercap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Jan 2013 14:14:15 +0000
Source: ettercap
Binary: ettercap-common ettercap ettercap-gtk
Architecture: source amd64
Version: 1:0.7.3-2.1+squeeze1
Distribution: stable
Urgency: high
Maintainer: Murat Demirten <murat@debian.org>
Changed-By: Barak A. Pearlmutter <bap@debian.org>
Description: 
 ettercap   - Multipurpose sniffer/interceptor/logger for switched LAN
 ettercap-common - Common support files and plugins for ettercap
 ettercap-gtk - Multipurpose sniffer/interceptor/logger for switched LAN
Closes: 697987
Changes: 
 ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high
 .
   * Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
     parsing hosts list (closes: #697987)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Mar 2013 07:27:32 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:23:44 2019; Machine Name: beach
