rpm: CVE-2006-5466

Related Vulnerabilities: CVE-2006-5466

Debian Bug report logs - #397076

Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm (PTS, buildd, popcon).

Reported by: Adrian Bunk <bunk@stusta.de>

Date: Sun, 5 Nov 2006 00:18:13 UTC

Severity: grave

Tags: security

Found in version rpm/4.4.1-10

Fixed in version rpm/4.4.1-11

Done: Anibal Monsalve Salazar <anibal@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#397076; Package rpm.


Acknowledgement sent to Adrian Bunk <bunk@stusta.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Anibal Monsalve Salazar <anibal@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Adrian Bunk <bunk@stusta.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: rpm: CVE-2006-5466
Date: Sun, 05 Nov 2006 01:04:16 +0100
Package: rpm
Version: 4.4.1-10
Severity: grave
Tags: security
Quoting http://www.ubuntu.com/usn/usn-378-1:

An error was found in the RPM library's handling of query reports.  In
some locales, certain RPM packages would cause the library to crash.  If
a user was tricked into querying a specially crafted RPM package, the
flaw could be exploited to execute arbitrary code with the user's
privileges.



Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility.


Notification sent to Adrian Bunk <bunk@stusta.de>:
Bug acknowledged by developer.


Message #10 received at 397076-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 397076-close@bugs.debian.org
Subject: Bug#397076: fixed in rpm 4.4.1-11
Date: Sat, 04 Nov 2006 22:02:27 -0800
Source: rpm
Source-Version: 4.4.1-11

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:

librpm-dev_4.4.1-11_i386.deb
  to pool/main/r/rpm/librpm-dev_4.4.1-11_i386.deb
librpm4_4.4.1-11_i386.deb
  to pool/main/r/rpm/librpm4_4.4.1-11_i386.deb
lsb-rpm_4.4.1-11_i386.deb
  to pool/main/r/rpm/lsb-rpm_4.4.1-11_i386.deb
python-rpm_4.4.1-11_i386.deb
  to pool/main/r/rpm/python-rpm_4.4.1-11_i386.deb
rpm_4.4.1-11.diff.gz
  to pool/main/r/rpm/rpm_4.4.1-11.diff.gz
rpm_4.4.1-11.dsc
  to pool/main/r/rpm/rpm_4.4.1-11.dsc
rpm_4.4.1-11_i386.deb
  to pool/main/r/rpm/rpm_4.4.1-11_i386.deb
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 397076@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 05 Nov 2006 13:27:39 +1100
Source: rpm
Binary: python-rpm rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.4.1-11
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 librpm-dev - RPM shared library, development kit
 librpm4    - RPM shared library
 lsb-rpm    - Red Hat package manager for LSB package building
 python-rpm - Python bindings for RPM
 rpm        - Red Hat package manager
Closes: 397076
Changes: 
 rpm (4.4.1-11) unstable; urgency=high
 .
   * Synchronized to Ubuntu
     - SECURITY UPDATE: heap overflow in query report could lead to
       arbitrary code execution.
     - Add 'debian/patches/99_query_heap_protection.diff': validate
       message length. Patch from upstream CVS, applied inline.
     - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833
     - CVE-2006-5466
     - Closes: #397076.
   * Updated debian/watch.
   * Added debian/pycompat.
Files: 


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 14:57:00 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:22:51 2019; Machine Name: buxtehude
