plib: CVE-2012-4552

Related Vulnerabilities: CVE-2012-4552  

Debian Bug report logs - #694810

Package: plib; Maintainer for plib is Debian QA Group <packages@qa.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 30 Nov 2012 15:21:02 UTC

Severity: grave

Tags: patch

Found in version 1.8.5-5

Fixed in version plib/1.8.5-6

Done: Michael Stapelberg <stapelberg@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#694810; Package plib. (Fri, 30 Nov 2012 15:21:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>. (Fri, 30 Nov 2012 15:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: plib: CVE-2012-4552
Date: Fri, 30 Nov 2012 16:14:42 +0100
Package: plib
Severity: grave
Tags: important

http://www.openwall.com/lists/oss-security/2012/10/29/8

Please see the Red Hat bug for more details on the patch
status:
https://bugzilla.redhat.com/show_bug.cgi?id=871187

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#694810; Package plib. (Tue, 04 Dec 2012 19:27:03 GMT)


Acknowledgement sent to Michael Stapelberg <stapelberg@debian.org>:
Extra info received and forwarded to list. Copy sent to Bradley Smith <bradsmith@debian.org>. (Tue, 04 Dec 2012 19:27:03 GMT)


Message #10 received at 694810@bugs.debian.org:

From: Michael Stapelberg <stapelberg@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 694810@bugs.debian.org, team@security.debian.org, control@bugs.debian.org
Subject: Re: plib: CVE-2012-4552
Date: Tue, 4 Dec 2012 20:25:38 +0100
tags 694810 + patch
thanks

On Fri, 30 Nov 2012 16:14:42 +0100
Moritz Muehlenhoff <jmm@inutil.org> wrote:
> http://www.openwall.com/lists/oss-security/2012/10/29/8
> 
> Please see the Red Hat bug for more details on the patch
> status:
> https://bugzilla.redhat.com/show_bug.cgi?id=871187
Fedora has a patch by now.

I built a package which incorporates that patch, debdiff is attached.

I am unsure where to upload/what to do with this new package. security
team, please enlighten me :-).

-- 
Best regards,
Michael
[plib.debdiff (application/octet-stream, attachment)]

Added tag(s) patch. Request was from Michael Stapelberg <stapelberg@debian.org> to control@bugs.debian.org. (Tue, 04 Dec 2012 19:27:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#694810; Package plib. (Wed, 05 Dec 2012 11:57:03 GMT)


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Bradley Smith <bradsmith@debian.org>. (Wed, 05 Dec 2012 11:57:03 GMT)


Message #17 received at 694810@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Michael Stapelberg" <stapelberg@debian.org>
Cc: 694810@bugs.debian.org, team@security.debian.org
Subject: Re: plib: CVE-2012-4552
Date: Wed, 5 Dec 2012 12:55:11 +0100
Hi Michael,

On Tue, December 4, 2012 20:25, Michael Stapelberg wrote:
> On Fri, 30 Nov 2012 16:14:42 +0100
> Moritz Muehlenhoff <jmm@inutil.org> wrote:
>> http://www.openwall.com/lists/oss-security/2012/10/29/8
>>
>> Please see the Red Hat bug for more details on the patch
>> status:
>> https://bugzilla.redhat.com/show_bug.cgi?id=871187
> Fedora has a patch by now.
>
> I built a package which incorporates that patch, debdiff is attached.

Thanks! You should change urgency to 'high' though.

> I am unsure where to upload/what to do with this new package. security
> team, please enlighten me :-).

As this package targets unstable, you can upload it to unstable. Don't
forget to ask the Release Team for an unblock.


Cheers,
Thijs



Reply sent to Michael Stapelberg <stapelberg@debian.org>:
You have taken responsibility. (Thu, 06 Dec 2012 12:12:11 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 06 Dec 2012 12:12:11 GMT)


Message #22 received at 694810-close@bugs.debian.org:

From: Michael Stapelberg <stapelberg@debian.org>
To: 694810-close@bugs.debian.org
Subject: Bug#694810: fixed in plib 1.8.5-6
Date: Thu, 06 Dec 2012 12:11:04 +0000
Source: plib
Source-Version: 1.8.5-6

We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 694810@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Stapelberg <stapelberg@debian.org> (supplier of updated plib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 05 Dec 2012 17:36:58 +0100
Source: plib
Binary: libplib1 libplib-dev
Architecture: source amd64
Version: 1.8.5-6
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Michael Stapelberg <stapelberg@debian.org>
Description: 
 libplib-dev - Portability Libraries: Development package
 libplib1   - Portability Libraries: Run-time package
Closes: 694810
Changes: 
 plib (1.8.5-6) unstable; urgency=high
 .
   * QA upload.
   * Apply patch to fix CVE-2012-4552 by Hans de Goede (Closes: #694810).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 04 Jan 2013 07:25:44 GMT)


Bug unarchived. Request was from jmw@debian.org to control@bugs.debian.org. (Thu, 17 Jan 2013 17:03:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#694810; Package plib. (Fri, 18 Jan 2013 12:36:08 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 18 Jan 2013 12:36:08 GMT)


Message #31 received at 694810@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 694810@bugs.debian.org
Subject: Re: plib: CVE-2012-4552
Date: Fri, 18 Jan 2013 12:15:08 -0000
Package: plib

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.7) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/694810/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 Feb 2013 07:25:50 GMT)


Bug unarchived. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Thu, 28 Feb 2013 16:00:05 GMT)


Marked as found in versions 1.8.5-5. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Thu, 28 Feb 2013 16:00:06 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:34:38 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:17:58 2019; Machine Name: buxtehude
