CVE-2007-1006: format string overflows


Debian Bug report logs - #411944
CVE-2007-1006: format string overflows


Package: ekiga; Maintainer for ekiga is Kilian Krause <kilian@debian.org>; Source for ekiga is src:ekiga (PTS, buildd, popcon).

Reported by: Kees Cook <kees@outflux.net>

Date: Thu, 22 Feb 2007 00:27:05 UTC

Severity: grave

Tags: confirmed, fixed-upstream, patch, security, upstream

Found in version ekiga/2.0.3-2

Fixed in versions ekiga/2.0.3-2.1, ekiga/2.0.3-3

Done: Loic Minier <lool@dooz.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Kilian Krause <kilian@debian.org>:
Bug#411944; Package ekiga.


Acknowledgement sent to Kees Cook <kees@outflux.net>:
New Bug report received and forwarded. Copy sent to Kilian Krause <kilian@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Kees Cook <kees@outflux.net>
To: Debian Bugs <submit@bugs.debian.org>
Subject: CVE-2007-1006: format string overflows
Date: Wed, 21 Feb 2007 16:24:53 -0800
[Message part 1 (text/plain, inline)]
Package: ekiga
Version: 2.0.3-2
Severity: grave
Tags: patch, security, fixed-upstream

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006 says:

"Multiple format string vulnerabilities in the 
gm_main_window_flash_message function in Ekiga before 2.0.5 allow 
attackers to cause a denial of service and possibly execute arbitrary 
code via a crafted Q.931 SETUP packet."

See attached patch for upstream fix.

-- 
Kees Cook                                            @outflux.net
[ekiga.patch (text/x-diff, attachment)]
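The bug class Kees quotes above, an attacker-controlled string reaching a printf-style helper as the format argument rather than as data, is easier to see in code. What follows is an added example written for this page; it is not Ekiga's source and not the attached patch. The helper name, the "remote display name from a Q.931 SETUP" scenario, the directive-counting check and the sample inputs are all assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Ekiga's code. Models the bug class behind
 * CVE-2007-1006: a "flash message" helper that takes a printf-style
 * format, and a caller that hands it an attacker-controlled string
 * (a hypothetical remote display name parsed from a Q.931 SETUP) as
 * the format itself. */

#define FLASH_MAX 256

static char flash_buf[FLASH_MAX];

/* Variadic helper in the style of gm_main_window_flash_message.
 * Deliberately carries no format attribute, so the compiler cannot
 * see the misuse below (as in a codebase built without
 * -Wformat-security or without format annotations). */
static const char *flash_message_fmt(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(flash_buf, sizeof flash_buf, fmt, ap);
    va_end(ap);
    return flash_buf;
}

/* VULNERABLE caller: the remote name *is* the format string. Every
 * '%' directive in it is interpreted: %x reads stack words, %n writes
 * to memory. Only "%%" is defined behaviour with zero arguments. */
const char *flash_remote_name_vulnerable(const char *remote_name)
{
    return flash_message_fmt(remote_name);
}

/* FIXED caller: constant format, untrusted data passed as an argument.
 * This is the shape of fix such bugs normally get. */
const char *flash_remote_name_fixed(const char *remote_name)
{
    return flash_message_fmt("%s", remote_name);
}

/* Detection helper (assumed, not from the project): count conversion
 * directives in a string about to reach a format function and flag
 * %n. "%%" is a literal percent and is not counted. Usable as a
 * fuzzer oracle or a pre-call assertion in a hardened build. */
int format_directive_count(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" escapes itself */
            p++;
            continue;
        }
        count++;
        /* skip flags, width, precision and length modifiers */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.hlLqjzt*", *q))
            q++;
        if (*q == 'n')
            *has_n = 1;
        if (!*q)
            break;              /* lone '%' at end of string */
        p = q;
    }
    return count;
}

/* Convenience wrapper: does the string contain a %n write directive? */
int format_has_n(const char *s)
{
    int has_n;
    format_directive_count(s, &has_n);
    return has_n;
}

int main(void)
{
    /* Constructed sample input. "%%" is safe to push through the
     * vulnerable path (defined with no arguments) yet still proves the
     * string is parsed as a format: the vulnerable path collapses it
     * to a single '%', the fixed path preserves the name verbatim. */
    const char *name = "100%% Legit Caller";
    printf("vulnerable: %s\n", flash_remote_name_vulnerable(name));
    printf("fixed:      %s\n", flash_remote_name_fixed(name));

    /* Constructed hostile input of the kind a fuzzer would generate. */
    const char *hostile = "%08x.%08x.%n";
    int has_n;
    int n = format_directive_count(hostile, &has_n);
    printf("hostile: directives=%d has_%%n=%d\n", n, has_n);
    return 0;
}
```

The "%%" input is chosen on purpose: it is the only directive whose behaviour is fully defined when no arguments were passed, so the demonstration stays deterministic while still showing that the vulnerable caller lets the peer drive the format parser. With real payloads (%x, %s, %n) the vulnerable path is undefined behaviour, which is exactly the denial of service or code execution the CVE text describes. A cheap compile-time check for this class: give the helper `__attribute__((format(printf, 1, 2)))` and build with `-Wformat -Wformat-security`; GCC then flags `flash_message_fmt(remote_name)` as "format not a string literal and no format arguments", while the `"%s"` caller compiles cleanly.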

Tags added: upstream, confirmed. Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Kilian Krause <kilian@debian.org>:
Bug#411944; Package ekiga.


Acknowledgement sent to Martin Zobel-Helas <zobel@ftbfs.de>:
Extra info received and forwarded to list. Copy sent to Kilian Krause <kilian@debian.org>.


Message #12 received at 411944@bugs.debian.org:

From: Martin Zobel-Helas <zobel@ftbfs.de>
To: 411944@bugs.debian.org
Subject: ekiga: diff for NMU version 2.0.3-2.1
Date: Tue, 27 Feb 2007 00:09:30 +0100
[Message part 1 (text/plain, inline)]
tags 411944 + patch
thanks

Hi,

Attached is the diff for my ekiga 2.0.3-2.1 NMU.

Greetings
Martin
[ekiga-2.0.3-2.1-nmu.diff (text/x-diff, attachment)]

Tags added: patch. Request was from Martin Zobel-Helas <zobel@ftbfs.de> to control@bugs.debian.org.


Reply sent to Martin Zobel-Helas <zobel@debian.org>:
You have taken responsibility.


Notification sent to Kees Cook <kees@outflux.net>:
Bug acknowledged by developer.


Message #19 received at 411944-close@bugs.debian.org:

From: Martin Zobel-Helas <zobel@debian.org>
To: 411944-close@bugs.debian.org
Subject: Bug#411944: fixed in ekiga 2.0.3-2.1
Date: Mon, 26 Feb 2007 23:32:03 +0000
Source: ekiga
Source-Version: 2.0.3-2.1

We believe that the bug you reported is fixed in the latest version of
ekiga, which is due to be installed in the Debian FTP archive:

ekiga_2.0.3-2.1.diff.gz
  to pool/main/e/ekiga/ekiga_2.0.3-2.1.diff.gz
ekiga_2.0.3-2.1.dsc
  to pool/main/e/ekiga/ekiga_2.0.3-2.1.dsc
ekiga_2.0.3-2.1_i386.deb
  to pool/main/e/ekiga/ekiga_2.0.3-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 411944@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Zobel-Helas <zobel@debian.org> (supplier of updated ekiga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 26 Feb 2007 23:35:33 +0100
Source: ekiga
Binary: ekiga
Architecture: source i386
Version: 2.0.3-2.1
Distribution: unstable
Urgency: high
Maintainer: Kilian Krause <kilian@debian.org>
Changed-By: Martin Zobel-Helas <zobel@debian.org>
Description: 
 ekiga      - H.323 and SIP compatible VOIP client
Closes: 411944
Changes: 
 ekiga (2.0.3-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * NMU to apply patch from BTS to fix CVE 2007-1006 (Closes: #411944)
Files: 
 a56b9ca253ac03ea9c5fc1a74b203e0a 1724 gnome optional ekiga_2.0.3-2.1.dsc
 e888653aa60de385420e63b4ae1c4946 11777 gnome optional ekiga_2.0.3-2.1.diff.gz
 0bbbb191d00d9732f905c131fa978062 5497132 gnome optional ekiga_2.0.3-2.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF42gGST77jl1k+HARAvrYAKDbkWtNy4/Cnb4lYed4o4y8d1/fUwCeJtsh
ettn8wAuSz67cdEIA02oosU=
=7yoO
-----END PGP SIGNATURE-----




Reply sent to Loic Minier <lool@dooz.org>:
You have taken responsibility.


Notification sent to Kees Cook <kees@outflux.net>:
Bug acknowledged by developer.


Message #24 received at 411944-close@bugs.debian.org:

From: Loic Minier <lool@dooz.org>
To: 411944-close@bugs.debian.org
Subject: Bug#411944: fixed in ekiga 2.0.3-3
Date: Sun, 04 Mar 2007 11:39:57 +0000
Source: ekiga
Source-Version: 2.0.3-3

We believe that the bug you reported is fixed in the latest version of
ekiga, which is due to be installed in the Debian FTP archive:

ekiga_2.0.3-3.diff.gz
  to pool/main/e/ekiga/ekiga_2.0.3-3.diff.gz
ekiga_2.0.3-3.dsc
  to pool/main/e/ekiga/ekiga_2.0.3-3.dsc
ekiga_2.0.3-3_i386.deb
  to pool/main/e/ekiga/ekiga_2.0.3-3_i386.deb
gnomemeeting_2.0.3-3_all.deb
  to pool/main/e/ekiga/gnomemeeting_2.0.3-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 411944@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Loic Minier <lool@dooz.org> (supplier of updated ekiga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  4 Mar 2007 11:31:43 +0100
Source: ekiga
Binary: gnomemeeting ekiga
Architecture: source i386 all
Version: 2.0.3-3
Distribution: unstable
Urgency: high
Maintainer: Kilian Krause <kilian@debian.org>
Changed-By: Loic Minier <lool@dooz.org>
Description: 
 ekiga      - H.323 and SIP compatible VOIP client
 gnomemeeting - Dummy transition package of GnomeMeeting for Ekiga
Closes: 399336 411944
Changes: 
 ekiga (2.0.3-3) unstable; urgency=high
 .
   [ Kilian Krause ]
   * Add transparency to tray icon. (Closes: #399336)
 .
   [ Loic Minier ]
   * Merge diff from 2.0.3-2.1 NMU; thanks Martin Zobel-Helas; closes: #411944.
   * Bump up Standards-Version to 3.7.2.
   * Remove trailing whitespace in rules and control.
   * Add a dummy gnomemeeting transition package; add .install file, rename
     other debhelper files with an "ekiga." prefix.
   * Add gnomemeeting.NEWS to explain the transition.
Files: 
 4fa65fb5f9f0f5f669844a0ab4378cae 1734 gnome optional ekiga_2.0.3-3.dsc
 f1fdf0a967fc970a98cfd7715fb248fb 15761 gnome optional ekiga_2.0.3-3.diff.gz
 8057371fcdb91c754ad36c7a0569f96f 5497414 gnome optional ekiga_2.0.3-3_i386.deb
 ecbb3afefe95211fc36d58b9761f1cad 141692 gnome optional gnomemeeting_2.0.3-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6qEs4VUX8isJIMARAgVlAJoDzA5Y7oDl6cw6ypWszsbckIXxlgCeOkHd
zby3BjCXXpMpQNKVQvnJKxM=
=rSrf
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Aug 2007 07:34:25 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:25:58 2019; Machine Name: beach
