CVE-2015-5177

Related Vulnerabilities: CVE-2015-5177  

Debian Bug report logs - #795429
CVE-2015-5177

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 13 Aug 2015 22:00:02 UTC

Severity: grave

Tags: security

Found in versions 1.2.1-10, openslp-dfsg/1.2.1-7

Fixed in versions openslp-dfsg/1.2.1-7.8+deb6u1, openslp-dfsg/1.2.1-9+deb7u1, openslp-dfsg/1.2.1-10+deb8u1, openslp-dfsg/1.2.1-11

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#795429; Package src:openslp-dfsg. (Thu, 13 Aug 2015 22:00:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>. (Thu, 13 Aug 2015 22:00:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-5177
Date: Thu, 13 Aug 2015 23:57:11 +0200
Source: openslp-dfsg
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#795429; Package src:openslp-dfsg. (Fri, 28 Aug 2015 19:51:07 GMT)


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 28 Aug 2015 19:51:07 GMT)


Message #10 received at 795429@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <795429@bugs.debian.org>
Subject: Re: CVE-2015-5177
Date: Fri, 28 Aug 2015 15:49:48 -0400
Package: openslp-dfsg
Version: 1.2.1-10
Followup-For: Bug #795429
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu wily ubuntu-patch



*** /tmp/tmpHzlE84/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via double free flaw
    - debian/patches/CVE-2015-5177.patch: fix double free if
      SLPDKnownDAAdd() fails in slpd/slpd_knownda.c.
    - CVE-2015-5177


Thanks for considering the patch.


-- System Information:
Debian Release: jessie/sid
  APT prefers vivid-updates
  APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.19.0-27-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
[openslp-dfsg_1.2.1-10ubuntu1.debdiff (text/x-diff, attachment)]

Marked as found in versions openslp-dfsg/1.2.1-7. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Sep 2015 10:39:08 GMT)


Marked as fixed in versions openslp-dfsg/1.2.1-7.8+deb6u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Sep 2015 10:48:05 GMT)


Marked as fixed in versions openslp-dfsg/1.2.1-9+deb7u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 05 Sep 2015 16:18:07 GMT)


Marked as fixed in versions openslp-dfsg/1.2.1-10+deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 05 Sep 2015 16:18:08 GMT)


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 05 Sep 2015 16:21:04 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 05 Sep 2015 16:21:04 GMT)


Message #23 received at 795429-done@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 795429-done@bugs.debian.org
Subject: Re: Bug#795429: CVE-2015-5177
Date: Sat, 5 Sep 2015 18:18:50 +0200
Source: openslp-dfsg
Source-Version: 1.2.1-11

This was fixed in unstable with the 1.2.1-11 upload, closing #795429
accordingly.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jan 2016 07:29:01 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:53:30 2019; Machine Name: beach
