Debian Bug report logs - #379064
dumb: CVE-2006-3668: arbitrary code execution
Reported by: Alec Berryman <alec@thened.net>
Date: Thu, 20 Jul 2006 22:48:06 UTC
Severity: serious
Tags: security
Fixed in versions libdumb/1:0.9.3-5, libdumb/1:0.9.2-6
Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>: Bug#379064; Package libdumb.
Acknowledgement sent to Alec Berryman <alec@thened.net>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: libdumb
Severity: serious
Tags: security
CVE-2006-3668: "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attackers
to execute arbitrary code via a ".it" (Impulse Tracker) file with an
enveloper with a large number of nodes."
There is a proof-of-concept exploit [1] in the original advisory [2]. I
have not verified the issue. Sarge is probably vulnerable. I do not
see an upstream patch, but the original advisory suggests that the issue
will be fixed in the next version.
Please mention the CVE in your changelog.
Thanks,
Alec
[1] http://aluigi.org/poc/dumbit.zip
[2] http://aluigi.altervista.org/adv/dumbit-adv.txt
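The overflow described in the CVE text above arises when a node count read from the file is trusted and exceeds the envelope's fixed node storage. As an added example (not DUMB's code and not the Debian patch), here is a bounds-checked envelope reader in C using an assumed, simplified envelope layout: one flags byte, one node-count byte, then three bytes per node (an int8 value and a little-endian uint16 tick); the 25-node capacity is likewise an assumption of this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Fixed per-envelope node storage assumed for this example; a node count
 * read from the file that exceeds it must be rejected, never trusted. */
#define ENV_MAX_NODES 25

typedef struct {
    uint8_t  flags, n_nodes;
    int8_t   node_y[ENV_MAX_NODES];   /* node value */
    uint16_t node_t[ENV_MAX_NODES];   /* node tick, little-endian on disk */
} it_envelope;

/* Parse one envelope block. Returns 0 on success, -1 if the block is
 * truncated or claims more nodes than the struct can hold. */
int read_envelope_checked(const uint8_t *buf, size_t len, it_envelope *env)
{
    if (len < 2)
        return -1;                      /* no room for the header */
    env->flags   = buf[0];
    env->n_nodes = buf[1];
    if (env->n_nodes > ENV_MAX_NODES)
        return -1;                      /* the CVE-2006-3668 condition */
    if (len < 2 + (size_t)env->n_nodes * 3)
        return -1;                      /* fewer nodes than advertised */
    const uint8_t *p = buf + 2;
    for (unsigned i = 0; i < env->n_nodes; i++, p += 3) {
        env->node_y[i] = (int8_t)p[0];
        env->node_t[i] = (uint16_t)(p[1] | (p[2] << 8));
    }
    return 0;
}

/* Constructed sample: a well-formed three-node envelope parses and the
 * decoded ticks come out as written. Returns 1 on success. */
int demo_valid(void)
{
    static const uint8_t good[] = { 0x01, 3, 0, 0, 0, 32, 10, 0, 64, 20, 0 };
    it_envelope e;
    return read_envelope_checked(good, sizeof good, &e) == 0
        && e.n_nodes == 3 && e.node_t[1] == 10 && e.node_t[2] == 20;
}

/* Constructed sample: 200 advertised nodes must be refused; returns 1 if rejected. */
int demo_oversized(void)
{
    uint8_t bad[2 + 200 * 3] = { 0x01, 200 };   /* rest zero-filled */
    it_envelope e;
    return read_envelope_checked(bad, sizeof bad, &e) == -1;
}
```

The count check runs before any node is copied, so an oversized block never touches memory past the fixed arrays.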
Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>: You have taken responsibility.
Notification sent to Alec Berryman <alec@thened.net>: Bug acknowledged by developer.
Message #10 received at 379064-close@bugs.debian.org:
Source: libdumb
Source-Version: 1:0.9.3-5
We believe that the bug you reported is fixed in the latest version of
libdumb, which is due to be installed in the Debian FTP archive:
libaldmb1-dev_0.9.3-5_i386.deb
to pool/main/libd/libdumb/libaldmb1-dev_0.9.3-5_i386.deb
libaldmb1_0.9.3-5_i386.deb
to pool/main/libd/libdumb/libaldmb1_0.9.3-5_i386.deb
libdumb1-dev_0.9.3-5_i386.deb
to pool/main/libd/libdumb/libdumb1-dev_0.9.3-5_i386.deb
libdumb1_0.9.3-5_i386.deb
to pool/main/libd/libdumb/libdumb1_0.9.3-5_i386.deb
libdumb_0.9.3-5.diff.gz
to pool/main/libd/libdumb/libdumb_0.9.3-5.diff.gz
libdumb_0.9.3-5.dsc
to pool/main/libd/libdumb/libdumb_0.9.3-5.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 379064@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated libdumb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Fri, 21 Jul 2006 11:07:45 +0200
Source: libdumb
Binary: libdumb1 libaldmb1-dev libaldmb1 libdumb1-dev
Architecture: source i386
Version: 1:0.9.3-5
Distribution: unstable
Urgency: critical
Maintainer: Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description:
libaldmb1 - dynamic universal music bibliotheque, Allegro version
libaldmb1-dev - development files for libaldmb1
libdumb1 - dynamic universal music bibliotheque
libdumb1-dev - development files for libdumb1
Closes: 379064
Changes:
libdumb (1:0.9.3-5) unstable; urgency=critical
.
* Set urgency=critical because of security fix.
.
* debian/patches/100_CVE-2006-3668.diff:
+ Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attackers
to execute arbitrary code via a ".it" (Impulse Tracker) file with an
enveloper with a large number of nodes." (Closes: #379064).
.
* debian/control:
+ Set policy to 3.7.2.
Files:
Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>: You have taken responsibility.
Notification sent to Alec Berryman <alec@thened.net>: Bug acknowledged by developer.
Message #15 received at 379064-close@bugs.debian.org:
Source: libdumb
Source-Version: 1:0.9.2-6
We believe that the bug you reported is fixed in the latest version of
libdumb, which is due to be installed in the Debian FTP archive:
libaldmb0-dev_0.9.2-6_i386.deb
to pool/main/libd/libdumb/libaldmb0-dev_0.9.2-6_i386.deb
libaldmb0_0.9.2-6_i386.deb
to pool/main/libd/libdumb/libaldmb0_0.9.2-6_i386.deb
libdumb0-dev_0.9.2-6_i386.deb
to pool/main/libd/libdumb/libdumb0-dev_0.9.2-6_i386.deb
libdumb0_0.9.2-6_i386.deb
to pool/main/libd/libdumb/libdumb0_0.9.2-6_i386.deb
libdumb_0.9.2-6.diff.gz
to pool/main/libd/libdumb/libdumb_0.9.2-6.diff.gz
libdumb_0.9.2-6.dsc
to pool/main/libd/libdumb/libdumb_0.9.2-6.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 379064@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated libdumb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Fri, 21 Jul 2006 11:07:45 +0200
Source: libdumb
Binary: libaldmb0-dev libaldmb0 libdumb0-dev libdumb0
Architecture: source i386
Version: 1:0.9.2-6
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description:
libaldmb0 - dynamic universal music bibliotheque, allegro version
libaldmb0-dev - development files for libaldmb0
libdumb0 - dynamic universal music bibliotheque
libdumb0-dev - development files for libdumb0
Closes: 379064
Changes:
libdumb (1:0.9.2-6) stable-security; urgency=high
.
* src/it/itread.c:
+ Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attackers
to execute arbitrary code via a ".it" (Impulse Tracker) file with an
enveloper with a large number of nodes." (Closes: #379064).
Files:
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 05:59:28 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:06:35 2019.