Debian Bug report logs -
#354461
zoo: buffer overflow when processing archives
Reported by: metaur@telia.com
Date: Sun, 26 Feb 2006 15:48:07 UTC
Severity: grave
Tags: security
Found in version zoo/2.10-16
Fixed in version zoo/2.10-17
Done: Jose Carlos Medeiros <debian@psabs.com.br>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Jose Carlos Medeiros <debian@psabs.com.br>
:
Bug#354461
; Package zoo
.
(full text, mbox, link).
Acknowledgement sent to metaur@telia.com
:
New Bug report received and forwarded. Copy sent to Jose Carlos Medeiros <debian@psabs.com.br>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Subject: zoo: buffer overflow when processing archives
Package: zoo
Version: 2.10-16
Severity: grave
Justification: user security hole
Tags: security
Hello,
Jean-Sébastien Guay-Leroux has found a buffer overflow vulnerability in zoo:
o http://secunia.com/advisories/19002/
o http://seclists.org/lists/fulldisclosure/2006/Feb/0572.html
The full-disclosure post includes a patch.
// Ulf Harnhammar
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages zoo depends on:
ii libc6 2.3.5-13 GNU C Library: Shared libraries an
zoo recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Jose Carlos Medeiros <debian@psabs.com.br>
:
Bug#354461
; Package zoo
.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>
:
Extra info received and forwarded to list. Copy sent to Jose Carlos Medeiros <debian@psabs.com.br>
.
(full text, mbox, link).
Message #10 received at 354461@bugs.debian.org (full text, mbox, reply):
This is CVE-2006-0855
Please mention the CVE number in the changelog
Tags added: pending
Request was from "Jose Carlos Medeiros" <jcnascimento@gmail.com>
to control@bugs.debian.org
.
(full text, mbox, link).
Reply sent to Jose Carlos Medeiros <debian@psabs.com.br>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to metaur@telia.com
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #17 received at 354461-close@bugs.debian.org (full text, mbox, reply):
Source: zoo
Source-Version: 2.10-17
We believe that the bug you reported is fixed in the latest version of
zoo, which is due to be installed in the Debian FTP archive:
zoo_2.10-17.diff.gz
to pool/main/z/zoo/zoo_2.10-17.diff.gz
zoo_2.10-17.dsc
to pool/main/z/zoo/zoo_2.10-17.dsc
zoo_2.10-17_i386.deb
to pool/main/z/zoo/zoo_2.10-17_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 354461@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jose Carlos Medeiros <debian@psabs.com.br> (supplier of updated zoo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 3 Mar 2006 18:56:02 -0300
Source: zoo
Binary: zoo
Architecture: source i386
Version: 2.10-17
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Medeiros <debian@psabs.com.br>
Changed-By: Jose Carlos Medeiros <debian@psabs.com.br>
Description:
zoo - manipulate zoo archives
Closes: 354461
Changes:
zoo (2.10-17) unstable; urgency=low
.
* Added 04_fix_fullpath_buffer_overflow patch to fix a Buffer Overflow,
CAN-2006-0855. Thanks to Jean-SébastienGuay-Leroux
<jean-sebastien_at_guay-leroux.com>, (closes: #354461)
Files:
123e1150ca19f03d30fa6366215c48c6 617 utils optional zoo_2.10-17.dsc
77c580eafeb9b64c6977872d2588b2ca 12013 utils optional zoo_2.10-17.diff.gz
e76d6855bac61e68ff3079138751df0c 62854 utils optional zoo_2.10-17_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEDeSbGKGxzw/lPdkRAv9WAJ0ZvWWOrIVnZFSFtikXBoCVZ3oS7QCfS/bo
Bwn49GaghHFobPiUhwxC5gg=
=lP9K
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Jun 2007 03:36:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:01:14 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.