CVE-2010-1620: Integer overflow

Related Vulnerabilities: CVE-2010-1620   CVE-2010-1457  

Debian Bug report logs - #584401
CVE-2010-1620: Integer overflow

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Thu, 3 Jun 2010 10:45:01 UTC

Severity: serious

Tags: security

Fixed in version 1.19.3-2

Done: Yavor Doganov <yavor@gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>:
Bug#584401; Package gnustep-base. (Thu, 03 Jun 2010 10:45:04 GMT)


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>. (Thu, 03 Jun 2010 10:45:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-1620: Integer overflow
Date: Thu, 03 Jun 2010 12:42:21 +0200
Package: gnustep-base
Version: 1.19.3-3
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnustep-base.

CVE-2010-1620[0]:
| Integer overflow in the load_iface function in Tools/gdomap.c in
| gdomap in GNUstep Base before 1.20.0 might allow context-dependent
| attackers to execute arbitrary code via a (1) file or (2) socket that
| provides configuration data with many entries, leading to a heap-based
| buffer overflow.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1620
    http://security-tracker.debian.org/tracker/CVE-2010-1620





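The bug class named in the CVE text above is a heap buffer sized from an attacker-controlled entry count, where the size multiplication wraps and the subsequent writes run past the allocation. The following is an added example for this page, not gdomap's own code or the Debian fix: the entry type, the one-address-per-line format and the function names are assumptions, and the code shows the overflow check on the allocation size together with writes bounded by the count the buffer was sized for.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Constructed entry type and line format (one IPv4 address per line,
   e.g. "192.0.2.1\n"): assumptions for this example, not gdomap's own. */
struct iface_entry { struct in_addr addr; };

/* Count newline-terminated entries in an untrusted config buffer. */
static size_t count_lines(const char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (buf[i] == '\n');
    return n;
}

/* The size computation that must not wrap: (count + 1) * entry size.
   Returns the byte size, or 0 when it would overflow. */
size_t entries_alloc_size(size_t count)
{
    if (count == SIZE_MAX) return 0;                    /* count + 1 wraps */
    size_t slots = count + 1;                           /* one spare slot */
    if (slots > SIZE_MAX / sizeof(struct iface_entry)) return 0;
    return slots * sizeof(struct iface_entry);
}

/* Parse buf into a freshly allocated array. Returns the number of entries
   stored, or -1 on overflow, allocation failure or a malformed address.
   Every write is bounded by the count the allocation was sized for. */
long load_entries(const char *buf, size_t len, struct iface_entry **out)
{
    size_t count = count_lines(buf, len), n;
    size_t bytes = entries_alloc_size(count);
    if (bytes == 0) return -1;                          /* refuse, do not truncate */
    struct iface_entry *arr = calloc(1, bytes);
    if (arr == NULL) return -1;
    const char *p = buf, *end = buf + len;
    for (n = 0; n < count; n++) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));   /* exists: n < count */
        size_t l = (size_t)(nl - p);
        char line[INET_ADDRSTRLEN];
        if (l >= sizeof line) { free(arr); return -1; }
        memcpy(line, p, l); line[l] = '\0';
        if (inet_pton(AF_INET, line, &arr[n].addr) != 1) { free(arr); return -1; }
        p = nl + 1;
    }
    *out = arr;
    return (long)n;
}
```

Rejecting the input outright when the size check fails is the safer choice here: silently truncating the count would still leave the parser and the allocation disagreeing about how many entries exist.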

Reply sent to Yavor Doganov <yavor@gnu.org>:
You have taken responsibility. (Thu, 03 Jun 2010 11:51:21 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Thu, 03 Jun 2010 11:51:21 GMT)


Message #10 received at 584401-done@bugs.debian.org:

From: Yavor Doganov <yavor@gnu.org>
To: 584401-done@bugs.debian.org, 584402-done@bugs.debian.org
Subject: Re: Bug#584402: CVE-2010-1457: allows local users to read arbitrary files
Date: Thu, 03 Jun 2010 14:10:56 +0300
Version: 1.19.3-2

Both security issues are fixed in the above version.  I added the CVE
IDs retroactively, which is probably why the security team still counts
them as unfixed.





Bug no longer marked as found in version 1.19.3-3. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Thu, 03 Jun 2010 14:45:11 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Jul 2010 07:30:56 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:54:39 2019; Machine Name: beach
