Debian Bug report logs -
#690675
libsocialweb: CVE-2012-4511
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 16 Oct 2012 10:09:01 UTC
Severity: important
Tags: patch, security
Fixed in version libsocialweb/0.25.20-3.1
Done: Hideki Yamane <henrich@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ying-Chun Liu (PaulLiu) <paulliu@debian.org>:
Bug#690675; Package libsocialweb.
(Tue, 16 Oct 2012 10:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ying-Chun Liu (PaulLiu) <paulliu@debian.org>.
(Tue, 16 Oct 2012 10:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libsocialweb
Severity: important
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=863206 for
details.
Cheers,
Moritz
Message sent on
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#690675.
(Tue, 12 Feb 2013 05:27:03 GMT) (full text, mbox, link).
Message #8 received at 690675-submitter@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch
Hi,
Upstream has dealt with this issue in git, so pick it up as attached
patch. Please check and apply it (also push to testing).
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
[CVE-2012-4511.patch (text/x-diff, attachment)]
Added tag(s) patch.
Request was from Hideki Yamane <henrich@debian.or.jp>
to 690675-submitter@bugs.debian.org.
(Tue, 12 Feb 2013 05:27:03 GMT) (full text, mbox, link).
Information stored
:
Bug#690675; Package libsocialweb.
(Fri, 01 Mar 2013 17:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and filed, but not forwarded.
(Fri, 01 Mar 2013 17:15:03 GMT) (full text, mbox, link).
Message #15 received at 690675-quiet@bugs.debian.org (full text, mbox, reply):
Hi,
> Upstream has dealt with this issue in git, so pick it up as attached
> patch. Please check and apply it (also push to testing).
Can you NMU this?
Cheers,
Moritz
Message sent on
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#690675.
(Fri, 01 Mar 2013 17:15:05 GMT) (full text, mbox, link).
Reply sent
to Hideki Yamane <henrich@debian.org>:
You have taken responsibility.
(Sat, 02 Mar 2013 11:06:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Sat, 02 Mar 2013 11:06:03 GMT) (full text, mbox, link).
Message #23 received at 690675-close@bugs.debian.org (full text, mbox, reply):
Source: libsocialweb
Source-Version: 0.25.20-3.1
We believe that the bug you reported is fixed in the latest version of
libsocialweb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 690675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hideki Yamane <henrich@debian.org> (supplier of updated libsocialweb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 Mar 2013 19:45:59 +0900
Source: libsocialweb
Binary: libsocialweb0 libsocialweb-common libsocialweb-service libsocialweb-dev libsocialweb-doc libsocialweb0-dbg libsocialweb-client2 libsocialweb-client-dev libsocialweb-client-doc libsocialweb-client2-dbg gir1.2-socialweb-client-0.25
Architecture: source all amd64
Version: 0.25.20-3.1
Distribution: unstable
Urgency: medium
Maintainer: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Changed-By: Hideki Yamane <henrich@debian.org>
Description:
gir1.2-socialweb-client-0.25 - client library to access socialweb server (introspection files)
libsocialweb-client-dev - client library to access socialweb server (development headers)
libsocialweb-client-doc - client library to access socialweb server (documentation)
libsocialweb-client2 - client library to access socialweb server
libsocialweb-client2-dbg - client library to access socialweb server (debug symbols)
libsocialweb-common - socialweb library to fetch data from social service (common files
libsocialweb-dev - socialweb library to fetch data from social service (dev. headers
libsocialweb-doc - socialweb library to fetch data from social service (documentatio
libsocialweb-service - socialweb library to fetch data from social service (dbus service
libsocialweb0 - socialweb library to fetch data from social service
libsocialweb0-dbg - socialweb library to fetch data from social service (debug symbol
Closes: 690675
Changes:
libsocialweb (0.25.20-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* debian/patches
- add CVE-2012-4511.patch: cherry picking from upstream to solve
CVE-2012-4511 as its name (Closes: #690675)
Checksums-Sha1:
a6f4e66f3437c9d9205b67c61e50796e25bf996a 2860 libsocialweb_0.25.20-3.1.dsc
c0a8febd45006f7904172ef2cab14c92f556ec36 12948 libsocialweb_0.25.20-3.1.debian.tar.gz
0a14f601ab10dd164115ff00eb1bbab480e18b82 61456 libsocialweb-common_0.25.20-3.1_all.deb
c68d6562e15d38d74bc33135460e62b7baf2afd0 35986 libsocialweb-doc_0.25.20-3.1_all.deb
5042c18f91161341e3ad714651cc244f463002c3 18040 libsocialweb-client-doc_0.25.20-3.1_all.deb
9f859e8f0b6d5af37a1dfd55d7badce6e082f73f 142030 libsocialweb0_0.25.20-3.1_amd64.deb
1b4ab3c4af6e12b2943eeff20ee12c1d87834aef 8828 libsocialweb-service_0.25.20-3.1_amd64.deb
172e418a70202374f857cd5ed8c2f8878e11464c 14494 libsocialweb-dev_0.25.20-3.1_amd64.deb
d762013d9de022609d05cadc7fc6e8fb21bb0883 604492 libsocialweb0-dbg_0.25.20-3.1_amd64.deb
e2d7ead62dc410258aa10c5a8a67d90945d5fa6d 21680 libsocialweb-client2_0.25.20-3.1_amd64.deb
7e083471b07757726a5517fd60e95e6818cb51f9 12946 libsocialweb-client-dev_0.25.20-3.1_amd64.deb
c7211af05b781347157935e409b8eb332db47261 64418 libsocialweb-client2-dbg_0.25.20-3.1_amd64.deb
d59c0ab0abf9eb7c0fec6c1c1a6a8f528b3f3d67 8078 gir1.2-socialweb-client-0.25_0.25.20-3.1_amd64.deb
Checksums-Sha256:
b49110c89c7fce191aeaa5008f7ff6fdcf5781fc28d9a6e962c367f8101c78e8 2860 libsocialweb_0.25.20-3.1.dsc
e8b6a8728fe2ef7c8c9b0601c376f12f1eb6e6af54590cc5fd462acc49041ed9 12948 libsocialweb_0.25.20-3.1.debian.tar.gz
1f456f5a2935a2dc8f9cb3ed002a27973ad7bd530f5931937ffd85c0ecf471a5 61456 libsocialweb-common_0.25.20-3.1_all.deb
aa06de5b00b85a2b4bb16807a70b04bc4707d0ff20396a5264943c7f3cd930a7 35986 libsocialweb-doc_0.25.20-3.1_all.deb
9b757e33ca6c24f35eb915cd359a1908faa9732d136033ed8b899929e10992a3 18040 libsocialweb-client-doc_0.25.20-3.1_all.deb
5d208e1b787ae434a870779dd429a57e595635425c3b5ce52c8f1b702d943287 142030 libsocialweb0_0.25.20-3.1_amd64.deb
c1214bbad77410894298fcec480584136af4ebee19bbc298ceb90e422b3a3f2e 8828 libsocialweb-service_0.25.20-3.1_amd64.deb
f31911720ee62940e069685ba6121d2d87dc6ce5050b7b36eccfe4c522ebb1f2 14494 libsocialweb-dev_0.25.20-3.1_amd64.deb
4eba961b7cbc40bbde67634437285173de4aa3ce3c1e5eabf8a6bc33215658ab 604492 libsocialweb0-dbg_0.25.20-3.1_amd64.deb
cd058617ee1389f558f44272f7c104fd5c873727fde2c5a6bbfc0f3ac4f1abad 21680 libsocialweb-client2_0.25.20-3.1_amd64.deb
12c79b4e5457e87eaac878d1766ada0c361577bd5e0dfbdfba690fbfda24655d 12946 libsocialweb-client-dev_0.25.20-3.1_amd64.deb
f87af2b716040a14d5e403df915878f37e1f98655a240a0ec731f465d30dd347 64418 libsocialweb-client2-dbg_0.25.20-3.1_amd64.deb
b9c68878171e90ad0d3be7f4670bfd8f650abe600baae55db9a9e92499368f70 8078 gir1.2-socialweb-client-0.25_0.25.20-3.1_amd64.deb
Files:
7a1475e26327d480b3e6f9be06dbe80c 2860 web optional libsocialweb_0.25.20-3.1.dsc
22a7222c7b6ca6cc3e66e810a3023970 12948 web optional libsocialweb_0.25.20-3.1.debian.tar.gz
23962574b4f0a75d282990860b29e5e2 61456 misc optional libsocialweb-common_0.25.20-3.1_all.deb
259e2b3548b58b78ccf9bcd67ccb5a04 35986 doc optional libsocialweb-doc_0.25.20-3.1_all.deb
d6454ea422b6a5cb34a9ab7f33b314f8 18040 doc optional libsocialweb-client-doc_0.25.20-3.1_all.deb
03f11776b9e458b631b97f0e88823352 142030 libs optional libsocialweb0_0.25.20-3.1_amd64.deb
03c20ae413296fafbd2f1b4c195cd606 8828 misc optional libsocialweb-service_0.25.20-3.1_amd64.deb
912ad337b7057e2f1d988eb04f4fb975 14494 libdevel optional libsocialweb-dev_0.25.20-3.1_amd64.deb
15f9da4a70bebb22cb5ae9426570d5f5 604492 debug extra libsocialweb0-dbg_0.25.20-3.1_amd64.deb
7cbed286ec774524849d3f0c529f0f41 21680 libs optional libsocialweb-client2_0.25.20-3.1_amd64.deb
f7a1640e1752e9ba8d4d2ee493e4e07b 12946 libdevel optional libsocialweb-client-dev_0.25.20-3.1_amd64.deb
836c1e46ad572ab65e96f939ef1afc3c 64418 debug extra libsocialweb-client2-dbg_0.25.20-3.1_amd64.deb
7f571dea4eff8ffdda4e823233e1bc53 8078 introspection optional gir1.2-socialweb-client-0.25_0.25.20-3.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJRMdk3AAoJEF0yjQgqqrFA8mQP/2FZoAeKJ9QkrfXAEvzk2iSd
m6l0L8o8Fm9t59Pq7SyVtofpXXse+R9MDzZChfSEj0CDie5Br12uOOjbGI2T/qPU
cxG7NeaLd4wRczveGILiHIxElAze4YiX3WsscLElIsYga6jKSbfvmO9DXHGQhznJ
oYZqgPM4lkIUNXzOapPAN/gSFD9DtpBfUrYdNx7RXwb7Td7ZkD8MSD6ZTBma5IfE
UnACkTdmz4jZbrlIdNqLvb2xBEBpAWcCo7UymypJSt+ZLFMwIBM7W2ucGxiiywfN
CwNZ8zThTF/qiJBc/asm0HHeRNX5kO1B6DC3md+DvqPnjMbzSZWY1G2xa7JXxx1b
NuiwwMPCpRDUa15dRcmto7Z80yJ4hnO9YgGFEhajN3EvQSS+gP9nJdR71xSTsOOU
w5F13XaA/nv2YeaZ5zm8YQbvT3oILQvKepeuC27f29+uR8ok+gJPWu8UORhGEFi7
GLU9Z9CmlR2O67d4QWxexFQUMflzKOwlYps3PwskKXvS0QkdAU5l2N+xW8lAEToD
A1fsIlYBvhJ7S5SW20G982q1fAhcJoob8GpwZvFR/f/ZqDGQPTs8tfmALvkbcA8n
KKR+uF4vie6d17vaEAGXp0ZfArNMfpWt3c1T5VNSA2UShkphSElwEQOIA/quFyQc
Bco6ef8jAz8j2puxISvx
=IB1R
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 25 Apr 2013 07:29:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:43:39 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon