cyrus-sasl2: CVE-2013-4122: NULL pointer dereference

Related Vulnerabilities: CVE-2013-4122  

Debian Bug report logs - #716835


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 13 Jul 2013 12:33:01 UTC

Severity: important

Tags: patch, security, upstream

Fixed in version cyrus-sasl2/2.1.25.dfsg1-14

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#716835; Package cyrus-sasl2. (Sat, 13 Jul 2013 12:33:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Sat, 13 Jul 2013 12:33:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cyrus-sasl2: CVE-2013-4122: NULL pointer dereference
Date: Sat, 13 Jul 2013 14:31:42 +0200
Package: cyrus-sasl2
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for cyrus-sasl2.

CVE-2013-4122[0]:
cyrus-sasl NULL ptr. dereference

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream patch is at [1].

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4122
[1] http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d

Please adjust the affected versions in the BTS as needed.

(This is an issue with eglibc starting from 2.17).

Regards,
Salvatore



Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Wed, 17 Jul 2013 15:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 17 Jul 2013 15:09:05 GMT)


Message #10 received at 716835-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 716835-close@bugs.debian.org
Subject: Bug#716835: fixed in cyrus-sasl2 2.1.25.dfsg1-14
Date: Wed, 17 Jul 2013 15:04:45 +0000
Source: cyrus-sasl2
Source-Version: 2.1.25.dfsg1-14

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 716835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 17 Jul 2013 16:19:39 +0200
Source: cyrus-sasl2
Binary: sasl2-bin cyrus-sasl2-doc libsasl2-2 libsasl2-modules libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-gssapi-heimdal cyrus-sasl2-dbg cyrus-sasl2-mit-dbg cyrus-sasl2-heimdal-dbg
Architecture: source amd64 all
Version: 2.1.25.dfsg1-14
Distribution: unstable
Urgency: low
Maintainer: Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 cyrus-sasl2-dbg - Cyrus SASL - debugging symbols
 cyrus-sasl2-doc - Cyrus SASL - documentation
 cyrus-sasl2-heimdal-dbg - Cyrus SASL - debugging symbols for Heimdal modules
 cyrus-sasl2-mit-dbg - Cyrus SASL - debugging symbols for MIT modules
 libsasl2-2 - Cyrus SASL - authentication abstraction library
 libsasl2-dev - Cyrus SASL - development files for authentication abstraction lib
 libsasl2-modules - Cyrus SASL - pluggable authentication modules
 libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL (GSSAPI)
 libsasl2-modules-gssapi-mit - Cyrus SASL - pluggable authentication modules (GSSAPI)
 libsasl2-modules-ldap - Cyrus SASL - pluggable authentication modules (LDAP)
 libsasl2-modules-otp - Cyrus SASL - pluggable authentication modules (OTP)
 libsasl2-modules-sql - Cyrus SASL - pluggable authentication modules (SQL)
 sasl2-bin  - Cyrus SASL - administration programs for SASL users database
Closes: 716835
Changes: 
 cyrus-sasl2 (2.1.25.dfsg1-14) unstable; urgency=low
 .
   * CVE-2013-4122: Handle NULL returns from glibc 2.17+ crypt()
     (Closes: #716835)
Checksums-Sha1: 
 b271e05bf81e2024ca8962eba40572cdc4bd00c4 2560 cyrus-sasl2_2.1.25.dfsg1-14.dsc
 cc3ce2cc036c53baf4c0956cf8adf6b4554d1844 108349 cyrus-sasl2_2.1.25.dfsg1-14.debian.tar.gz
 5b11f99cf43b18e9298610deb1a357bf892d8687 184520 sasl2-bin_2.1.25.dfsg1-14_amd64.deb
 b6acc5784695258b9f8cdbfa6e0328554ec15f67 113318 cyrus-sasl2-doc_2.1.25.dfsg1-14_all.deb
 ddb2c111d0fbb2ae1a77e2efaf0e8b0bc0b7bbc6 108706 libsasl2-2_2.1.25.dfsg1-14_amd64.deb
 61cd8f353c19135c1f571a019ac4cfba37446bf9 122764 libsasl2-modules_2.1.25.dfsg1-14_amd64.deb
 cd98c1954973099e83edc7bfa8e89916e017c365 64342 libsasl2-modules-ldap_2.1.25.dfsg1-14_amd64.deb
 f3df88574bb66e7c361f6483fcf66ff138272a91 88778 libsasl2-modules-otp_2.1.25.dfsg1-14_amd64.deb
 8bef9ac889ef880a1005dd5c1cc4d0892361c797 67612 libsasl2-modules-sql_2.1.25.dfsg1-14_amd64.deb
 bf148a068888ebfd220d87ef3179d1c8605c8cf2 99782 libsasl2-modules-gssapi-mit_2.1.25.dfsg1-14_amd64.deb
 a5c8c7208d733b5c312d6c69a52937d8b2574451 359700 libsasl2-dev_2.1.25.dfsg1-14_amd64.deb
 af3e75f1e2e604c9637437ecbfe307c04f9c1f52 69338 libsasl2-modules-gssapi-heimdal_2.1.25.dfsg1-14_amd64.deb
 0ed2ed3823d38b7e1cff3def0bea0ec52435eed1 848520 cyrus-sasl2-dbg_2.1.25.dfsg1-14_amd64.deb
 26e77a0c18dfe784ec272612c9bf55954cfd8ac6 88194 cyrus-sasl2-mit-dbg_2.1.25.dfsg1-14_amd64.deb
 f80d80963a029c73e3dd13389de725123b1e26d2 88732 cyrus-sasl2-heimdal-dbg_2.1.25.dfsg1-14_amd64.deb
Checksums-Sha256: 
 9b49876850511ae1eebaaa58faf0d6319447902e5d3fb5a0b9c65a40cc269504 2560 cyrus-sasl2_2.1.25.dfsg1-14.dsc
 8b2ad9827298e90c88a65271b85edaae07227ab6682ffa270c30e38dae15162c 108349 cyrus-sasl2_2.1.25.dfsg1-14.debian.tar.gz
 f090f369c1de1f868ebcaeb80dc1a68eb4b144c828d4bcf8cc3aa01ac83128ac 184520 sasl2-bin_2.1.25.dfsg1-14_amd64.deb
 bf49fe79a7457de2ed7467473d9ea868242c3e54ee49c3a74f039ec52f586098 113318 cyrus-sasl2-doc_2.1.25.dfsg1-14_all.deb
 6b0d693a4be19b26737b720fbd1656e2e9fccc2a9f3330b0da3e2e6a008c2be7 108706 libsasl2-2_2.1.25.dfsg1-14_amd64.deb
 3ae3e5827ae6afd16b65e031e89e058faa5c8d516fb647b916524a88a284281f 122764 libsasl2-modules_2.1.25.dfsg1-14_amd64.deb
 1edc136a3f76d493649b9a8c99620fc208820d80d55cd11e3273ba472c5d5597 64342 libsasl2-modules-ldap_2.1.25.dfsg1-14_amd64.deb
 d197aec1b7ceb4965f1d30de4350398764adc9d05341434e8a7aefe5c1579808 88778 libsasl2-modules-otp_2.1.25.dfsg1-14_amd64.deb
 e8dda1da2c7c599f8e8aa24a5936ee091b55ec02d479ccef6f7f81b8ba5f6ae8 67612 libsasl2-modules-sql_2.1.25.dfsg1-14_amd64.deb
 36360c0a512908165d10f77ca7dea9d5cd845d5fd653bb2fa71f971314555128 99782 libsasl2-modules-gssapi-mit_2.1.25.dfsg1-14_amd64.deb
 8967c4144a55c4e2121cef183cc918a6f330969543c8dcf2ed4c2a3d52cd2143 359700 libsasl2-dev_2.1.25.dfsg1-14_amd64.deb
 93a19f231340befe029bae0c691cfefa6df7078596a40390c9845bb8a110119f 69338 libsasl2-modules-gssapi-heimdal_2.1.25.dfsg1-14_amd64.deb
 1bd168a2c3ab57ef611a9a2d61c880b84f408b3787bf0cb7d363cf7e4fe997e7 848520 cyrus-sasl2-dbg_2.1.25.dfsg1-14_amd64.deb
 24c6c2d5aa1c3622b681817845835e2b721e26f6f2a50ba45140621baf786e14 88194 cyrus-sasl2-mit-dbg_2.1.25.dfsg1-14_amd64.deb
 65c98d15e96026b7a5acc2af0860b0edada5fdb472a2c3b6aeab226a1838f70a 88732 cyrus-sasl2-heimdal-dbg_2.1.25.dfsg1-14_amd64.deb
Files: 
 b207f53bd3da1bc1d708b0500ec7bc08 2560 libs standard cyrus-sasl2_2.1.25.dfsg1-14.dsc
 776e750f609ab0a4a1654f1590c7484a 108349 libs standard cyrus-sasl2_2.1.25.dfsg1-14.debian.tar.gz
 000afce6a937a89b6be3e4acb0c5700e 184520 utils optional sasl2-bin_2.1.25.dfsg1-14_amd64.deb
 006353b97a3949de7edf91e3f65b46e5 113318 doc optional cyrus-sasl2-doc_2.1.25.dfsg1-14_all.deb
 d7f40cf30809a0f84a7ee8ef19e1e0a6 108706 libs standard libsasl2-2_2.1.25.dfsg1-14_amd64.deb
 ee9178aba4bac8696a1eed1fe856e7ca 122764 libs optional libsasl2-modules_2.1.25.dfsg1-14_amd64.deb
 e82e4a614d571d772de97a3806bef0d2 64342 libs extra libsasl2-modules-ldap_2.1.25.dfsg1-14_amd64.deb
 ce5d26fdb525ae901b68fabb800b2b6b 88778 libs extra libsasl2-modules-otp_2.1.25.dfsg1-14_amd64.deb
 4f33dbf080479c3ebdf541b21b56753e 67612 libs extra libsasl2-modules-sql_2.1.25.dfsg1-14_amd64.deb
 735e98f3230ef206dcc6fb48f7d3fb61 99782 libs extra libsasl2-modules-gssapi-mit_2.1.25.dfsg1-14_amd64.deb
 a960c9e98cac5325a0aaf8647012398b 359700 libdevel optional libsasl2-dev_2.1.25.dfsg1-14_amd64.deb
 c33eb2b3502f1eba5723649c15062a8c 69338 libs extra libsasl2-modules-gssapi-heimdal_2.1.25.dfsg1-14_amd64.deb
 9c4eedc9ca7f7f13069db098887330ec 848520 debug extra cyrus-sasl2-dbg_2.1.25.dfsg1-14_amd64.deb
 da22242a1d37611412f0e6766c8c7add 88194 debug extra cyrus-sasl2-mit-dbg_2.1.25.dfsg1-14_amd64.deb
 59e45987755e37731a7869009377bb17 88732 debug extra cyrus-sasl2-heimdal-dbg_2.1.25.dfsg1-14_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHmqpkACgkQ9OZqfMIN8nOREQCfQ+8zO59/g/T3HiRF9ZPQRcuw
KRYAoKCm7NqCd/Wre7bxJKCyRJCZF+Qi
=ANyv
-----END PGP SIGNATURE-----
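The changelog entry in the message above ("Handle NULL returns from glibc 2.17+ crypt()") names the defect class behind CVE-2013-4122: a crypt()-style API that can return NULL instead of a hash string, and a caller that passes that result straight into a string comparison. The C below is an added example, not code from cyrus-sasl or from the Debian patch. It shows the unchecked pattern beside a hardened verifier, plus an enrolment helper that copies the hash out of crypt()'s static buffer. So that it builds without libcrypt it uses a constructed stand-in, toy_crypt(), that returns NULL with errno set for any salt outside a fictional "$toy$" scheme, mimicking the glibc 2.17+ behaviour the changelog refers to; verify_password_safe() takes a function pointer with crypt(3)'s signature, so the real crypt can be passed in its place (link with -lcrypt). Every function name here is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature of crypt(3). On glibc 2.17+ the result may be NULL, with errno
 * set, when the salt names a scheme the library rejects or has disabled. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum verify_result { VERIFY_OK = 0, VERIFY_MISMATCH = 1, VERIFY_ERROR = 2 };

/* Pre-fix pattern described by the changelog entry: the hash result goes
 * straight into strcmp(). If hash() returns NULL, strcmp() dereferences it
 * and the process crashes. Kept for contrast only; nothing below calls it. */
int verify_password_unchecked(crypt_fn hash, const char *password, const char *stored_hash)
{
    return strcmp(hash(password, stored_hash), stored_hash) == 0 ? VERIFY_OK : VERIFY_MISMATCH;
}

/* Hardened verifier: a NULL from the hash function is an error, never a
 * match, and the comparison does not stop at the first differing byte. */
int verify_password_safe(crypt_fn hash, const char *password, const char *stored_hash)
{
    if (password == NULL || stored_hash == NULL || stored_hash[0] == '\0')
        return VERIFY_ERROR;

    errno = 0;
    const char *computed = hash(password, stored_hash);
    if (computed == NULL)           /* the CVE-2013-4122 case */
        return VERIFY_ERROR;        /* caller can log errno here */

    size_t n = strlen(stored_hash);
    if (strlen(computed) != n)
        return VERIFY_MISMATCH;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(computed[i] ^ stored_hash[i]);
    return diff == 0 ? VERIFY_OK : VERIFY_MISMATCH;
}

/* Enrolment helper: copies the hash out of crypt()'s static buffer so a
 * later call cannot overwrite the value being compared against. */
int enrol_password(crypt_fn hash, const char *password, const char *salt,
                   char *out, size_t outlen)
{
    const char *h = hash(password, salt);
    if (h == NULL)
        return -1;
    size_t len = strlen(h);
    if (len + 1 > outlen)
        return -1;
    memcpy(out, h, len + 1);
    return 0;
}

/* Constructed stand-in for crypt(3), used so the example links without
 * libcrypt. It accepts only the fictional "$toy$" scheme and returns NULL
 * with errno = EINVAL for any other salt, mimicking glibc 2.17+. The "hash"
 * is a plain checksum: it demonstrates the NULL contract, not password hashing. */
char *toy_crypt(const char *key, const char *salt)
{
    static char out[64];
    if (salt == NULL || strncmp(salt, "$toy$", 5) != 0) {
        errno = EINVAL;
        return NULL;
    }
    unsigned h = 5381;
    for (const char *p = key; *p != '\0'; p++)
        h = h * 33u + (unsigned char)*p;
    snprintf(out, sizeof out, "$toy$%08x", h);
    return out;
}

/* Enrol-then-verify walk-through; returns 1 when every outcome is the
 * expected one. The fourth check is the rejected-scheme case that the
 * unchecked verifier would turn into a NULL dereference. */
int run_demo(void)
{
    char stored[64];
    int ok = 1;
    ok &= enrol_password(toy_crypt, "correct horse", "$toy$", stored, sizeof stored) == 0;
    ok &= verify_password_safe(toy_crypt, "correct horse", stored) == VERIFY_OK;
    ok &= verify_password_safe(toy_crypt, "wrong password", stored) == VERIFY_MISMATCH;
    ok &= verify_password_safe(toy_crypt, "correct horse", "$6$unsupported$hash") == VERIFY_ERROR;
    ok &= enrol_password(toy_crypt, "correct horse", "$1$", stored, sizeof stored) == -1;
    return ok;
}

int main(void)
{
    int ok = run_demo();
    printf("all outcomes as expected: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The important design point is the third outcome, VERIFY_ERROR: a rejected hash scheme must fail closed and be logged, not be folded into "mismatch" (which hides a configuration problem such as a hash type the system crypt no longer accepts) and certainly not into "match". With the real crypt() the same function pointer slot takes `crypt` directly, and errno after a NULL return tells the operator why the scheme was refused.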




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 25 Aug 2013 07:27:24 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:54:51 2019; Machine Name: buxtehude
