socat: CVE-2014-0019: PROXY-CONNECT address overflow

Related Vulnerabilities: CVE-2014-0019  

Debian Bug report logs - #736993

Package: socat; Maintainer for socat is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for socat is src:socat.

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 29 Jan 2014 05:39:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions socat/1.7.2.2-1, socat/1.7.1.3-1

Fixed in version socat/1.7.2.3-1

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Taylor <ctaylor@debian.org>:
Bug#736993; Package socat. (Wed, 29 Jan 2014 05:39:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Taylor <ctaylor@debian.org>. (Wed, 29 Jan 2014 05:39:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: socat: CVE-2014-0019: PROXY-CONNECT address overflow
Date: Wed, 29 Jan 2014 06:37:24 +0100
Package: socat
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for socat.

CVE-2014-0019[0,1]:
PROXY-CONNECT address overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019
    http://security-tracker.debian.org/tracker/CVE-2014-0019
[1] http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions socat/1.7.1.3-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 29 Jan 2014 05:51:09 GMT).


Marked as found in versions socat/1.7.2.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 29 Jan 2014 05:51:10 GMT).


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sat, 01 Feb 2014 09:51:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 01 Feb 2014 09:51:09 GMT).


Message #14 received at 736993-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 736993-close@bugs.debian.org
Subject: Bug#736993: fixed in socat 1.7.2.3-1
Date: Sat, 01 Feb 2014 09:50:16 +0000
Source: socat
Source-Version: 1.7.2.3-1

We believe that the bug you reported is fixed in the latest version of
socat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 736993@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated socat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 01 Feb 2014 09:48:00 +0100
Source: socat
Binary: socat
Architecture: source amd64
Version: 1.7.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description: 
 socat      - multipurpose relay for bidirectional data transfer
Closes: 736993
Changes: 
 socat (1.7.2.3-1) unstable; urgency=high
 .
   * New upstream release, fixing CVE-2014-0019 (closes: #736993).
   * Update to Standards-Version 3.9.5 .
 .
   [ Bart Martens <bartm@debian.org> ]
   * Update watch file.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 04 Mar 2014 07:33:30 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:20:12 2019; Machine Name: buxtehude
