CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()

Related Vulnerabilities: CVE-2011-3581  

Debian Bug report logs - #647297
CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 1 Nov 2011 17:30:02 UTC

Severity: grave

Tags: security

Fixed in version ldns/1.6.6-2+squeeze1

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#647297; Package ldns. (Tue, 01 Nov 2011 17:30:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Ondřej Surý <ondrej@debian.org>. (Tue, 01 Nov 2011 17:30:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()
Date: Tue, 01 Nov 2011 18:28:48 +0100
Package: ldns
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=741024
http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#647297; Package ldns. (Tue, 22 Nov 2011 20:24:03 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Ondřej Surý <ondrej@debian.org>. (Tue, 22 Nov 2011 20:24:03 GMT)


Message #10 received at 647297@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 647297@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()
Date: Tue, 22 Nov 2011 21:22:01 +0100

On Tue, Nov 01, 2011 at 06:28:48PM +0100, Moritz Muehlenhoff wrote:
> Package: ldns
> Severity: grave
> Tags: security
> 
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=741024
> http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403

Ondřej, what's the status?

Cheers,
        Moritz




Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Sat, 26 Nov 2011 13:57:25 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 26 Nov 2011 13:57:25 GMT)


Message #15 received at 647297-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 647297-close@bugs.debian.org
Subject: Bug#647297: fixed in ldns 1.6.6-2+squeeze1
Date: Sat, 26 Nov 2011 13:55:00 +0000
Source: ldns
Source-Version: 1.6.6-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
ldns, which is due to be installed in the Debian FTP archive:

ldns_1.6.6-2+squeeze1.debian.tar.gz
  to main/l/ldns/ldns_1.6.6-2+squeeze1.debian.tar.gz
ldns_1.6.6-2+squeeze1.dsc
  to main/l/ldns/ldns_1.6.6-2+squeeze1.dsc
ldnsutils_1.6.6-2+squeeze1_amd64.deb
  to main/l/ldns/ldnsutils_1.6.6-2+squeeze1_amd64.deb
libldns-dev_1.6.6-2+squeeze1_amd64.deb
  to main/l/ldns/libldns-dev_1.6.6-2+squeeze1_amd64.deb
libldns1_1.6.6-2+squeeze1_amd64.deb
  to main/l/ldns/libldns1_1.6.6-2+squeeze1_amd64.deb
python-ldns_1.6.6-2+squeeze1_amd64.deb
  to main/l/ldns/python-ldns_1.6.6-2+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 647297@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated ldns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 23 Nov 2011 08:20:55 +0100
Source: ldns
Binary: libldns1 libldns-dev ldnsutils python-ldns
Architecture: source amd64
Version: 1.6.6-2+squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 ldnsutils  - ldns library for DNS programming
 libldns-dev - ldns library for DNS programming
 libldns1   - ldns library for DNS programming
 python-ldns - Python bindings for the ldns library for DNS programming
Closes: 647297
Changes: 
 ldns (1.6.6-2+squeeze1) stable-security; urgency=low
 .
   * Fix heap overflow in ldns_rr_new_frm_str_internal [CVE-2011-3581]
     (Closes: #647297)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:39:29 GMT)

