CVE-2008-5030: Buffer overflow

Debian Bug report logs - #505478

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 12 Nov 2008 21:21:01 UTC

Severity: grave

Tags: security

Fixed in version libcdaudio/0.99.12p2-7

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Daniel Baumann <daniel@debian.org>:
Bug#505478; Package libcdaudio. (Wed, 12 Nov 2008 21:21:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Daniel Baumann <daniel@debian.org>. (Wed, 12 Nov 2008 21:21:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-5030: Buffer overflow
Date: Wed, 12 Nov 2008 22:20:09 +0100
Package: libcdaudio
Severity: grave
Tags: security
Justification: user security hole

Hi Daniel, please see
http://www.openwall.com/lists/oss-security/2008/11/05/1
http://www.openwall.com/lists/oss-security/2008/11/07/1

I'm attaching the dpatch I'm using for stable-security for your
convenience. Please upload to unstable with urgency=high and
pester the RMs.

Cheers,
        Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
[02-cddb-bufferoverflow.dpatch (text/x-shellscript, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#505478; Package libcdaudio. (Wed, 12 Nov 2008 21:50:32 GMT)


Acknowledgement sent to daniel@debian.org:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>. (Wed, 12 Nov 2008 21:50:57 GMT)


Message #10 received at 505478@bugs.debian.org:

From: Daniel Baumann <daniel@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 505478@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#505478: CVE-2008-5030: Buffer overflow
Date: Wed, 12 Nov 2008 22:38:37 +0100
Moritz Muehlenhoff wrote:
> Package: libcdaudio
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi Daniel, please see
> http://www.openwall.com/lists/oss-security/2008/11/05/1
> http://www.openwall.com/lists/oss-security/2008/11/07/1
> 
> I'm attaching the dpatch I'm using for stable-security for your
> convenience.

thanks.

> Please upload to unstable with urgency=high

done.

> and pester the RMs.

done hereby.

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/
Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#505478; Package libcdaudio. (Wed, 12 Nov 2008 22:17:47 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>. (Wed, 12 Nov 2008 22:17:49 GMT)


Message #15 received at 505478@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: daniel@debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>, 505478@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#505478: CVE-2008-5030: Buffer overflow
Date: Wed, 12 Nov 2008 22:54:56 +0100
Daniel Baumann wrote:
> Moritz Muehlenhoff wrote:
>> Package: libcdaudio
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> Hi Daniel, please see
>> http://www.openwall.com/lists/oss-security/2008/11/05/1
>> http://www.openwall.com/lists/oss-security/2008/11/07/1
>>
>> I'm attaching the dpatch I'm using for stable-security for your
>> convenience.
> 
> thanks.
> 
>> Please upload to unstable with urgency=high
> 
> done.

unblocked

Cheers

Luk
Reply sent to Daniel Baumann <daniel@debian.org>:
You have taken responsibility. (Wed, 12 Nov 2008 22:18:14 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 12 Nov 2008 22:18:18 GMT)


Message #20 received at 505478-close@bugs.debian.org:

From: Daniel Baumann <daniel@debian.org>
To: 505478-close@bugs.debian.org
Subject: Bug#505478: fixed in libcdaudio 0.99.12p2-7
Date: Wed, 12 Nov 2008 21:47:04 +0000
Source: libcdaudio
Source-Version: 0.99.12p2-7

We believe that the bug you reported is fixed in the latest version of
libcdaudio, which is due to be installed in the Debian FTP archive:

libcdaudio-dbg_0.99.12p2-7_i386.deb
  to pool/main/libc/libcdaudio/libcdaudio-dbg_0.99.12p2-7_i386.deb
libcdaudio-dev_0.99.12p2-7_i386.deb
  to pool/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-7_i386.deb
libcdaudio1_0.99.12p2-7_i386.deb
  to pool/main/libc/libcdaudio/libcdaudio1_0.99.12p2-7_i386.deb
libcdaudio_0.99.12p2-7.diff.gz
  to pool/main/libc/libcdaudio/libcdaudio_0.99.12p2-7.diff.gz
libcdaudio_0.99.12p2-7.dsc
  to pool/main/libc/libcdaudio/libcdaudio_0.99.12p2-7.dsc
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505478@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <daniel@debian.org> (supplier of updated libcdaudio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 12 Nov 2008 22:34:00 +0100
Source: libcdaudio
Binary: libcdaudio1 libcdaudio-dev libcdaudio-dbg
Architecture: source i386
Version: 0.99.12p2-7
Distribution: unstable
Urgency: high
Maintainer: Daniel Baumann <daniel@debian.org>
Changed-By: Daniel Baumann <daniel@debian.org>
Description: 
 libcdaudio-dbg - library for controlling a CD-ROM when playing audio CDs (debug)
 libcdaudio-dev - library for controlling a CD-ROM when playing audio CDs (developm
 libcdaudio1 - library for controlling a CD-ROM when playing audio CDs
Closes: 505478
Changes: 
 libcdaudio (0.99.12p2-7) unstable; urgency=high
 .
   * Updating vcs fields in control file.
   * Using patch-stamp rather than patch in rules file.
   * Replacing obsolete dh_clean -k with dh_prep.
   * Adding patch from Moritz Muehlenhoff <jmm@inutil.org> to fix bufferoverflow
     with CDDB handling [CVE-2008-5030] (Closes: #505478).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 19 Dec 2008 07:32:43 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:36:47 2019; Machine Name: buxtehude