raptor: Fix for CVE-2012-0037 not applied during build

Related Vulnerabilities: CVE-2012-0037  

Debian Bug report logs - #677427
raptor: Fix for CVE-2012-0037 not applied during build


Package: raptor; Maintainer for raptor is Dave Beckett <dajobe@debian.org>;

Reported by: Jamie Strandboge <jamie@ubuntu.com>

Date: Wed, 13 Jun 2012 21:33:02 UTC

Severity: grave

Tags: patch, security

Found in version 1.4.21-7

Fixed in version raptor/1.4.21-7.1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#677427; Package raptor. (Wed, 13 Jun 2012 21:33:05 GMT)


Acknowledgement sent to Jamie Strandboge <jamie@ubuntu.com>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Dave Beckett <dajobe@debian.org>. (Wed, 13 Jun 2012 21:33:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jamie Strandboge <jamie@ubuntu.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: raptor: Fix for CVE-2012-0037 not applied during build
Date: Wed, 13 Jun 2012 16:31:41 -0500
Package: raptor
Version: 1.4.21-7
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch

Dear Maintainer,

While 1.4.21-7 claims to fix CVE-2012-0037, it does not because
debian/patches/series was not updated. Attached is a patch to:
 * update the series file
 * update raptor-1.4.21-cve.patch to apply cleanly with 02-fix-639065
   applied first
 * adjust raptor-1.4.21-cve.patch to initialize entity_input to NULL to
   fix a compiler warning when compiling with -Wuninitialized.

Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[raptor_1.4.21-7ubuntu1.debdiff (text/x-diff, attachment)]
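
The failure described in this report, a patch file present under debian/patches but missing from debian/patches/series so that the build never applies it, can be caught with a check like the one below. This is an added example, not part of the original bug report or the raptor packaging; it assumes a quilt-style series file, and the function names and the sample series contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list patch files under debian/patches that the series file
# never names, i.e. patches that ship in the source package but are not applied.

# listed_patches SERIES: print patch names from a quilt-style series file,
# dropping blank lines, "#" comments and trailing options such as -p1.
listed_patches() {
    sed 's/#.*//' "$1" | awk 'NF { print $1 }' | sort -u
}

# unlisted_patches DIR: print files in DIR (other than series itself) that
# are missing from DIR/series. Prints nothing when every patch is listed.
unlisted_patches() {
    dir=$1
    [ -f "$dir/series" ] || { echo "no series file in $dir" >&2; return 2; }
    listed=$(listed_patches "$dir/series")
    (cd "$dir" && find . -type f ! -name series | sed 's|^\./||' | sort) |
    while IFS= read -r f; do
        printf '%s\n' "$listed" | grep -qxF -- "$f" || printf '%s\n' "$f"
    done
}

# make_sample_tree: build a constructed debian/patches directory that mirrors
# the situation in this report (file contents and series lines are made up).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/debian/patches"
    : > "$t/debian/patches/02-fix-639065"
    : > "$t/debian/patches/raptor-1.4.21-cve.patch"
    printf '# constructed series file\n02-fix-639065 -p1\n' > "$t/debian/patches/series"
    printf '%s\n' "$t"
}

# "--demo" runs the check on the constructed tree; any other argument is
# treated as the path to a real debian/patches directory.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    unlisted_patches "$tree/debian/patches"
    rm -rf "$tree"
elif [ -n "${1:-}" ]; then
    unlisted_patches "$1"
fi
```

Any file name the check prints is a patch that is shipped in the source package but skipped at build time, which makes it suitable as a pre-upload or CI gate for security fixes.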

Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#677427; Package raptor. (Sat, 23 Jun 2012 16:51:02 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sat, 23 Jun 2012 16:51:02 GMT)


Message #10 received at 677427@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 677427@bugs.debian.org
Subject: raptor: diff for NMU version 1.4.21-7.1
Date: Sat, 23 Jun 2012 18:48:43 +0200
tags 677427 + pending
thanks

Dear maintainer,

I've prepared an NMU for raptor (versioned as 1.4.21-7.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[raptor-1.4.21-7.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 23 Jun 2012 16:51:06 GMT)


Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Mon, 25 Jun 2012 17:06:13 GMT)


Notification sent to Jamie Strandboge <jamie@ubuntu.com>:
Bug acknowledged by developer. (Mon, 25 Jun 2012 17:06:13 GMT)


Message #17 received at 677427-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 677427-close@bugs.debian.org
Subject: Bug#677427: fixed in raptor 1.4.21-7.1
Date: Mon, 25 Jun 2012 17:04:27 +0000
Source: raptor
Source-Version: 1.4.21-7.1

We believe that the bug you reported is fixed in the latest version of
raptor, which is due to be installed in the Debian FTP archive:

libraptor1-dbg_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1-dbg_1.4.21-7.1_i386.deb
libraptor1-dev_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1-dev_1.4.21-7.1_i386.deb
libraptor1-doc_1.4.21-7.1_all.deb
  to main/r/raptor/libraptor1-doc_1.4.21-7.1_all.deb
libraptor1_1.4.21-7.1_i386.deb
  to main/r/raptor/libraptor1_1.4.21-7.1_i386.deb
raptor-utils_1.4.21-7.1_i386.deb
  to main/r/raptor/raptor-utils_1.4.21-7.1_i386.deb
raptor_1.4.21-7.1.debian.tar.gz
  to main/r/raptor/raptor_1.4.21-7.1.debian.tar.gz
raptor_1.4.21-7.1.dsc
  to main/r/raptor/raptor_1.4.21-7.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677427@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated raptor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 Jun 2012 18:36:29 +0200
Source: raptor
Binary: libraptor1-dev libraptor1 raptor-utils libraptor1-doc libraptor1-dbg
Architecture: source all i386
Version: 1.4.21-7.1
Distribution: unstable
Urgency: high
Maintainer: Dave Beckett <dajobe@debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 libraptor1 - Raptor RDF parser and serializer library
 libraptor1-dbg - Raptor RDF parser and serializer library - debugging symbols
 libraptor1-dev - Raptor RDF parser and serializer development libraries and header
 libraptor1-doc - Documentation for the Raptor RDF parser and serializer library
 raptor-utils - Raptor RDF parser and serializer utilities
Closes: 677427
Changes: 
 raptor (1.4.21-7.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Do also apply the patch to fix CVE-2012-0037 (Closes: #677427).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/l83QACgkQ5UTeB5t8Mo1UlACgurRKV98QJ+9PDlBLIBQNfal1
Mz8An12Mab0LcJTtZoXfcAWIDhf1oqLF
=xebw
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Jul 2012 07:28:08 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:37:25 2019; Machine Name: buxtehude
