CVE-2011-4620: Buffer overflow

Related Vulnerabilities: CVE-2011-4620  

Debian Bug report logs - #654785

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 5 Jan 2012 18:51:24 UTC

Severity: grave

Tags: security

Found in version 1.8.5-5

Fixed in versions plib/1.8.5-5.1, plib/1.8.5-5+squeeze1

Done: Aron Xu <aron@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#654785; Package src:plib. (Thu, 05 Jan 2012 18:51:26 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>. (Thu, 05 Jan 2012 18:51:26 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-4620: Buffer overflow
Date: Thu, 05 Jan 2012 19:52:31 +0100
Source: plib
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4620 
for references.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#654785; Package src:plib. (Sun, 15 Jan 2012 19:27:09 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Bradley Smith <bradsmith@debian.org>. (Sun, 15 Jan 2012 19:27:09 GMT)


Message #10 received at 654785@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 654785@bugs.debian.org
Subject: plib: diff for NMU version 1.8.5-5.1
Date: Sun, 15 Jan 2012 20:24:06 +0100
Package: plib
Version: 1.8.5-5
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for plib (versioned as 1.8.5-5.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[plib-1.8.5-5.1-nmu.diff (text/x-diff, attachment)]

Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Tue, 17 Jan 2012 19:51:13 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 17 Jan 2012 19:51:14 GMT)


Message #15 received at 654785-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 654785-close@bugs.debian.org
Subject: Bug#654785: fixed in plib 1.8.5-5.1
Date: Tue, 17 Jan 2012 19:49:16 +0000
Source: plib
Source-Version: 1.8.5-5.1

We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive:

libplib-dev_1.8.5-5.1_i386.deb
  to main/p/plib/libplib-dev_1.8.5-5.1_i386.deb
libplib1_1.8.5-5.1_i386.deb
  to main/p/plib/libplib1_1.8.5-5.1_i386.deb
plib_1.8.5-5.1.diff.gz
  to main/p/plib/plib_1.8.5-5.1.diff.gz
plib_1.8.5-5.1.dsc
  to main/p/plib/plib_1.8.5-5.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654785@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated plib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 15 Jan 2012 20:13:07 +0100
Source: plib
Binary: libplib1 libplib-dev
Architecture: source i386
Version: 1.8.5-5.1
Distribution: unstable
Urgency: high
Maintainer: Bradley Smith <bradsmith@debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 libplib-dev - Portability Libraries: Development package
 libplib1   - Portability Libraries: Run-time package
Closes: 633178 654785
Changes: 
 plib (1.8.5-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).
   * Don't install .la file anymore (Closes: #633178).





Reply sent to Aron Xu <aron@debian.org>:
You have taken responsibility. (Sun, 04 Mar 2012 22:51:07 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 04 Mar 2012 22:51:07 GMT)


Message #20 received at 654785-close@bugs.debian.org:

From: Aron Xu <aron@debian.org>
To: 654785-close@bugs.debian.org
Subject: Bug#654785: fixed in plib 1.8.5-5+squeeze1
Date: Sun, 04 Mar 2012 22:47:09 +0000
Source: plib
Source-Version: 1.8.5-5+squeeze1

We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive:

libplib-dev_1.8.5-5+squeeze1_amd64.deb
  to main/p/plib/libplib-dev_1.8.5-5+squeeze1_amd64.deb
libplib1_1.8.5-5+squeeze1_amd64.deb
  to main/p/plib/libplib1_1.8.5-5+squeeze1_amd64.deb
plib_1.8.5-5+squeeze1.diff.gz
  to main/p/plib/plib_1.8.5-5+squeeze1.diff.gz
plib_1.8.5-5+squeeze1.dsc
  to main/p/plib/plib_1.8.5-5+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654785@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated plib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 01 Mar 2012 20:39:21 +0800
Source: plib
Binary: libplib1 libplib-dev
Architecture: source amd64
Version: 1.8.5-5+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Bradley Smith <bradsmith@debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description: 
 libplib-dev - Portability Libraries: Development package
 libplib1   - Portability Libraries: Run-time package
Closes: 654785
Changes: 
 plib (1.8.5-5+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 May 2012 07:49:48 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:28:57 2019; Machine Name: beach
