CVE-2008-1996: DoS due to too many connections

Related Vulnerabilities: CVE-2008-1996  

Debian Bug report logs - #479036

Package: licq; Maintainer for licq is Erik Johansson <debian@ejohansson.se>; Source for licq is src:licq.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Fri, 2 May 2008 11:57:02 UTC

Severity: normal

Tags: security

Fixed in version licq/1.3.5-6

Done: Frank Lichtenheld <djpig@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#479036; Package licq.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-1996: DoS due to too many connections
Date: Sat, 03 May 2008 05:54:18 +1000

Package: licq
Severity: normal

Hi

The following CVE(0) has been issued against licq.

CVE-2008-1996:

licq before 1.3.6 allows remote attackers to cause a denial of service
(file-descriptor exhaustion and application crash) via a large number of
connections. 

A proposed patch can be found here(1).

Cheers
Steffen

(0) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1996

(1) http://www.licq.org/changeset/6146




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#479036; Package licq.

Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>.

Message #10 received at 479036@bugs.debian.org:

From: Frank Lichtenheld <djpig@debian.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 479036@bugs.debian.org
Subject: Re: Bug#479036: CVE-2008-1996: DoS due to too many connections
Date: Fri, 2 May 2008 15:25:20 +0200

On Sat, May 03, 2008 at 05:54:18AM +1000, Steffen Joeris wrote:
> Package: licq
> Severity: normal
> 
> The following CVE(0) has been issued against licq.
> 
> CVE-2008-1996:
> 
> licq before 1.3.6 allows remote attackers to cause a denial of service
> (file-descriptor exhaustion and application crash) via a large number of
> connections. 

I will make a QA upload for that.

Regards,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/




Reply sent to Frank Lichtenheld <djpig@debian.org>:
You have taken responsibility.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.

Message #15 received at 479036-close@bugs.debian.org:

From: Frank Lichtenheld <djpig@debian.org>
To: 479036-close@bugs.debian.org
Subject: Bug#479036: fixed in licq 1.3.5-6
Date: Fri, 02 May 2008 14:32:55 +0000

Source: licq
Source-Version: 1.3.5-6

We believe that the bug you reported is fixed in the latest version of
licq, which is due to be installed in the Debian FTP archive:

licq-dev_1.3.5-6_all.deb
  to pool/main/l/licq/licq-dev_1.3.5-6_all.deb
licq-plugin-autoreply_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-autoreply_1.3.5-6_i386.deb
licq-plugin-console_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-console_1.3.5-6_i386.deb
licq-plugin-forwarder_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-forwarder_1.3.5-6_i386.deb
licq-plugin-kde_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-kde_1.3.5-6_i386.deb
licq-plugin-msn_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-msn_1.3.5-6_i386.deb
licq-plugin-osd_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-osd_1.3.5-6_i386.deb
licq-plugin-qt_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-qt_1.3.5-6_i386.deb
licq-plugin-rms_1.3.5-6_i386.deb
  to pool/main/l/licq/licq-plugin-rms_1.3.5-6_i386.deb
licq_1.3.5-6.diff.gz
  to pool/main/l/licq/licq_1.3.5-6.diff.gz
licq_1.3.5-6.dsc
  to pool/main/l/licq/licq_1.3.5-6.dsc
licq_1.3.5-6_i386.deb
  to pool/main/l/licq/licq_1.3.5-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 479036@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Lichtenheld <djpig@debian.org> (supplier of updated licq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 02 May 2008 14:36:59 +0200
Source: licq
Binary: licq licq-dev licq-plugin-autoreply licq-plugin-console licq-plugin-forwarder licq-plugin-kde licq-plugin-msn licq-plugin-osd licq-plugin-qt licq-plugin-rms
Architecture: source all i386
Version: 1.3.5-6
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Frank Lichtenheld <djpig@debian.org>
Description: 
 licq       - ICQ client (base files)
 licq-dev   - Licq development and header files
 licq-plugin-autoreply - autoreply plug-in for Licq
 licq-plugin-console - console user interface plug-in for Licq
 licq-plugin-forwarder - forwarder plug-in for Licq
 licq-plugin-kde - graphical user interface plug-in for Licq using Qt and KDE
 licq-plugin-msn - MSN plug-in for Licq
 licq-plugin-osd - on-screen display plug-in for Licq
 licq-plugin-qt - graphical user interface plug-in for Licq using Qt
 licq-plugin-rms - remote management server plug-in for telnet Licq access
Closes: 479036
Changes: 
 licq (1.3.5-6) unstable; urgency=high
 .
   * QA Upload
   * CVE-2008-1996: Limit maximum number of connections to avoid
     DoS attacks. Patch from upstream, pointed out by Steffen Joeris.
     (closes: #479036)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIGxoKQbn06FtxPfARAv+AAJ9QHn9mlX4kUSzh/L7sLh+xM8wAfQCgvjot
LwiK7rLFUq8nx44hgiQ1EZw=
=cVL+
-----END PGP SIGNATURE-----
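
The changelog entry above names the mitigation: cap the number of connections so a flood of peers cannot use up the process's file descriptors. The following C is an added example of that pattern, not licq's upstream patch and not code from this report; the `conn_gate` type, the `gate_*` functions and the 65536 ceiling are assumptions made for illustration.

```c
#include <errno.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

struct conn_gate { int active; int max; };  /* hypothetical names; not licq's code */

/* Set the cap from the soft RLIMIT_NOFILE, keeping `reserve` descriptors
 * free for logs, config files, plugins and outbound sockets. */
int gate_init(struct conn_gate *g, int reserve)
{
    struct rlimit rl;
    if (reserve < 0 || getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    rlim_t soft = rl.rlim_cur;
    if (soft == RLIM_INFINITY || soft > 65536)
        soft = 65536;            /* constructed ceiling, fits in int */
    if (soft <= (rlim_t)reserve)
        return -1;
    g->active = 0;
    g->max = (int)(soft - (rlim_t)reserve);
    return 0;
}

/* Count a freshly accepted descriptor, or close it at once when the cap is
 * reached, so the backlog drains instead of keeping the listener readable. */
int gate_admit(struct conn_gate *g, int fd)
{
    if (fd < 0)
        return -1;               /* accept() failed, e.g. EMFILE or ENFILE */
    if (g->active >= g->max) {
        close(fd);
        return -1;
    }
    g->active++;
    return fd;
}

int gate_accept(struct conn_gate *g, int listen_fd)
{
    int fd;
    do {
        fd = accept(listen_fd, NULL, NULL);
    } while (fd < 0 && errno == EINTR);
    return gate_admit(g, fd);
}

/* Every close of an admitted peer goes through here to free its slot. */
void gate_close(struct conn_gate *g, int fd) { close(fd); if (g->active > 0) g->active--; }
```

The accept loop calls `gate_accept()` in place of `accept()` and treats `-1` as "no new peer" rather than as a fatal error.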





Tags added: security Request was from Frank Lichtenheld <djpig@debian.org> to control@bugs.debian.org. (Fri, 02 May 2008 15:33:02 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 06 Jun 2008 07:32:38 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:06 2019; Machine Name: beach
