libimobiledevice: CVE-2016-5104: Sockets listening on INADDR_ANY

Related Vulnerabilities: CVE-2016-5104  

Debian Bug report logs - #825553

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 27 May 2016 18:33:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version libimobiledevice/1.1.6+dfsg-1

Fixed in version libimobiledevice/1.2.0+dfsg-3

Done: Chow Loong Jin <hyperair@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gtkpod Maintainers <pkg-gtkpod-devel@lists.alioth.debian.org>:
Bug#825553; Package src:libimobiledevice. (Fri, 27 May 2016 18:33:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gtkpod Maintainers <pkg-gtkpod-devel@lists.alioth.debian.org>. (Fri, 27 May 2016 18:33:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libimobiledevice: CVE-2016-5104: Sockets listening on INADDR_ANY
Date: Fri, 27 May 2016 20:30:44 +0200
Source: libimobiledevice
Version: 1.1.6+dfsg-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libimobiledevice.

CVE-2016-5104[0]:
No description was found (try on a search engine)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5104
[1] https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e

Regards,
Salvatore



Reply sent to Chow Loong Jin <hyperair@debian.org>:
You have taken responsibility. (Thu, 02 Jun 2016 17:21:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 02 Jun 2016 17:21:05 GMT)


Message #10 received at 825553-close@bugs.debian.org:

From: Chow Loong Jin <hyperair@debian.org>
To: 825553-close@bugs.debian.org
Subject: Bug#825553: fixed in libimobiledevice 1.2.0+dfsg-3
Date: Thu, 02 Jun 2016 17:19:44 +0000
Source: libimobiledevice
Source-Version: 1.2.0+dfsg-3

We believe that the bug you reported is fixed in the latest version of
libimobiledevice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825553@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chow Loong Jin <hyperair@debian.org> (supplier of updated libimobiledevice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 02 Jun 2016 00:10:46 +0800
Source: libimobiledevice
Binary: libimobiledevice6 libimobiledevice-dev libimobiledevice6-dbg python-imobiledevice libimobiledevice-utils libimobiledevice-doc
Architecture: source amd64 all
Version: 1.2.0+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: gtkpod Maintainers <pkg-gtkpod-devel@lists.alioth.debian.org>
Changed-By: Chow Loong Jin <hyperair@debian.org>
Description:
 libimobiledevice-dev - Library for communicating with iPhone and iPod Touch devices
 libimobiledevice-doc - Library for communicating with iPhone and iPod Touch devices
 libimobiledevice-utils - Library for communicating with iPhone and iPod Touch devices
 libimobiledevice6 - Library for communicating with the iPhone and iPod Touch
 libimobiledevice6-dbg - Library for communicating with iPhone and iPod Touch devices
 python-imobiledevice - Library for communicating with iPhone and iPod Touch devices
Closes: 825553
Changes:
 libimobiledevice (1.2.0+dfsg-3) unstable; urgency=high
 .
   * Team upload
   * [3b56a55] Import patch to make sockets listen locally.
     Fixes CVE-2016-5104 (Closes: #825553)
   * [754e9a1] Fix FTBFS with new gnutls





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 06 Jul 2016 07:28:39 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:52:53 2019; Machine Name: buxtehude
