Debian Bug report logs - #397076
rpm: CVE-2006-5466
Reported by: Adrian Bunk <bunk@stusta.de>
Date: Sun, 5 Nov 2006 00:18:13 UTC
Severity: grave
Tags: security
Found in version rpm/4.4.1-10
Fixed in version rpm/4.4.1-11
Done: Anibal Monsalve Salazar <anibal@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Anibal Monsalve Salazar <anibal@debian.org>: Bug#397076; Package rpm.
Acknowledgement sent to Adrian Bunk <bunk@stusta.de>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Anibal Monsalve Salazar <anibal@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: rpm
Version: 4.4.1-10
Severity: grave
Tags: security
Quoting http://www.ubuntu.com/usn/usn-378-1:
An error was found in the RPM library's handling of query reports. In
some locales, certain RPM packages would cause the library to crash. If
a user was tricked into querying a specially crafted RPM package, the
flaw could be exploited to execute arbitrary code with the user's
privileges.
Reply sent to Anibal Monsalve Salazar <anibal@debian.org>: You have taken responsibility.
Notification sent to Adrian Bunk <bunk@stusta.de>: Bug acknowledged by developer.
Message #10 received at 397076-close@bugs.debian.org:
Source: rpm
Source-Version: 4.4.1-11
We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:
librpm-dev_4.4.1-11_i386.deb
to pool/main/r/rpm/librpm-dev_4.4.1-11_i386.deb
librpm4_4.4.1-11_i386.deb
to pool/main/r/rpm/librpm4_4.4.1-11_i386.deb
lsb-rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/lsb-rpm_4.4.1-11_i386.deb
python-rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/python-rpm_4.4.1-11_i386.deb
rpm_4.4.1-11.diff.gz
to pool/main/r/rpm/rpm_4.4.1-11.diff.gz
rpm_4.4.1-11.dsc
to pool/main/r/rpm/rpm_4.4.1-11.dsc
rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/rpm_4.4.1-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 397076@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated rpm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 05 Nov 2006 13:27:39 +1100
Source: rpm
Binary: python-rpm rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.4.1-11
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description:
librpm-dev - RPM shared library, development kit
librpm4 - RPM shared library
lsb-rpm - Red Hat package manager for LSB package building
python-rpm - Python bindings for RPM
rpm - Red Hat package manager
Closes: 397076
Changes:
 rpm (4.4.1-11) unstable; urgency=high
 .
   * Synchronized to Ubuntu
     - SECURITY UPDATE: heap overflow in query report could lead to
       arbitrary code execution.
     - Add 'debian/patches/99_query_heap_protection.diff': validate
       message length. Patch from upstream CVS, applied inline.
     - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833
     - CVE-2006-5466
     - Closes: #397076.
   * Updated debian/watch.
   * Added debian/pycompat.
Files:
717f47386bef0c0a6ff5e0e05643a841 992 admin optional rpm_4.4.1-11.dsc
4a449c23ba10b3dea8da4b372956c871 241642 admin optional rpm_4.4.1-11.diff.gz
3d8b69b4a6fd99af40e89c8261e9f8ea 829518 admin optional rpm_4.4.1-11_i386.deb
11222fa2f0157a6e72867590128c146a 2462884 devel optional lsb-rpm_4.4.1-11_i386.deb
a73301c64d7af388bbac9720fc4b91b8 977982 libs optional librpm4_4.4.1-11_i386.deb
ec386ce598cc1be148b7870f79dad231 1310190 libdevel extra librpm-dev_4.4.1-11_i386.deb
75225253798d39faaf448617de261923 496756 python extra python-rpm_4.4.1-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFTXtCipBneRiAKDwRAmd8AJ9+I0oPJggH6cb0J3uM/fn21C3e4ACfVIuC
ivrPBqoc7/g+OkcLQqLkXKg=
=MuvE
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 14:57:00 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 18:22:51 2019; Machine Name: buxtehude