Debian Bug report logs -
#770513
android-tools: CVE-2014-1909
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 21 Nov 2014 21:33:02 UTC
Severity: grave
Tags: security
Fixed in version android-tools/4.2.2+git20130529-5.1
Done: Hilko Bengen <bengen@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Android tools Maintainer <android-tools-devel@lists.alioth.debian.org>:
Bug#770513; Package android-tools.
(Fri, 21 Nov 2014 21:33:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Android tools Maintainer <android-tools-devel@lists.alioth.debian.org>.
(Fri, 21 Nov 2014 21:33:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: android-tools
Severity: grave
Tags: security
Justification: user security hole
CVE-2014-1909 was assigned to the first section of
http://www.droidsec.org/advisories/2014/02/04/two-security-issues-found-in-the-android-sdk-tools.html
("ADB Client Stack Buffer Overflow")
Cheers,
Moritz
Reply sent
to Hilko Bengen <bengen@debian.org>:
You have taken responsibility.
(Mon, 24 Nov 2014 21:21:16 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Mon, 24 Nov 2014 21:21:16 GMT) (full text, mbox, link).
Message #10 received at 770513-close@bugs.debian.org (full text, mbox, reply):
Source: android-tools
Source-Version: 4.2.2+git20130529-5.1
We believe that the bug you reported is fixed in the latest version of
android-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 770513@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilko Bengen <bengen@debian.org> (supplier of updated android-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 24 Nov 2014 21:35:22 +0100
Source: android-tools
Binary: android-tools-adb android-tools-fastboot android-tools-fsutils
Architecture: source amd64
Version: 4.2.2+git20130529-5.1
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Hilko Bengen <bengen@debian.org>
Description:
android-tools-adb - Android Debug Bridge CLI tool
android-tools-fastboot - Android Fastboot protocol CLI tool
android-tools-fsutils - Android ext4 utilities with sparse support
Closes: 770513
Changes:
android-tools (4.2.2+git20130529-5.1) unstable; urgency=medium
.
* Non-maintainer upload.
* add patch for CVE-2014-1909 (Closes: #770513)
Checksums-Sha1:
42c3fb8f334fffbf20be0f9439f6f56dd76aae63 1798 android-tools_4.2.2+git20130529-5.1.dsc
96603d31eecd22089c19aded2c46d4d2e6c5a751 17600 android-tools_4.2.2+git20130529-5.1.debian.tar.xz
71003e5f22d35706c3f475c555f54fcb60df1a28 72958 android-tools-adb_4.2.2+git20130529-5.1_amd64.deb
9d45825f07b2bc52edc787ba78966db0d4a48e69 56272 android-tools-fastboot_4.2.2+git20130529-5.1_amd64.deb
5c2320913cc7cc46305390d8b3a7ef51f0a174ef 71900 android-tools-fsutils_4.2.2+git20130529-5.1_amd64.deb
Checksums-Sha256:
f5112e01bad178b26b8d502a10663d1353f5475fe300ecb3077db9d6cc0e23ea 1798 android-tools_4.2.2+git20130529-5.1.dsc
c757cb04584034a683d93958300c44edb03933b5a7c71ef7435a12c985e7b801 17600 android-tools_4.2.2+git20130529-5.1.debian.tar.xz
a8ffb68f5e14b02caee65769c8c19812049ca3a5853c343028eb9e75af502a7e 72958 android-tools-adb_4.2.2+git20130529-5.1_amd64.deb
c094b7e53eb030957cdfab865f68c817d65bf6a1345b10d2982af38d042c3e84 56272 android-tools-fastboot_4.2.2+git20130529-5.1_amd64.deb
270ad759d1fef9cedf894c42b5f559d7386aa1ec4de4cc3880eb44fe8c53c833 71900 android-tools-fsutils_4.2.2+git20130529-5.1_amd64.deb
Files:
00a873105cba93b85363e7e778a8de24 1798 devel extra android-tools_4.2.2+git20130529-5.1.dsc
d4482355a2c5b46f311a59450bd8d307 17600 devel extra android-tools_4.2.2+git20130529-5.1.debian.tar.xz
304d36eda9251660c7d07d7db59daad7 72958 devel extra android-tools-adb_4.2.2+git20130529-5.1_amd64.deb
cd858b3257b250747822ebeea6c69f4a 56272 devel extra android-tools-fastboot_4.2.2+git20130529-5.1_amd64.deb
996732fc455acdcf4682de4f80a2dc95 71900 devel extra android-tools-fsutils_4.2.2+git20130529-5.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRzl6wACgkQUCgnLz/SlGh+zACg64ewuDNdv5+teOXa2yRtcFWU
zzQAnij8OZ9noEV14ljJX7VYs+2UJYSd
=vSTg
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 28 Dec 2014 07:25:59 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:08:53 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon