Debian Bug report logs - #264972
wv: Security problem with wv

version graph

Package: wv; Maintainer for wv is Daniel Walrond <debian@djw.org.uk>; Source for wv is src:wv.

Reported by: Mikael Sennerholm <mikan@debian.org>

Date: Wed, 11 Aug 2004 07:48:01 UTC

Severity: grave

Tags: fixed, patch, sarge, security, sid

Found in version 0.7.4-1

Fixed in version 1.0.2-0.1

Done: Hubert Figuiere <hub@figuiere.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Mikael Sennerholm <mikan@debian.org>, Matej Vela <vela@debian.org>:
Bug#264972; Package wv. Full text and rfc822 format available.

Acknowledgement sent to Mikael Sennerholm <mikan@debian.org>:
New Bug report received and forwarded. Copy sent to Mikael Sennerholm <mikan@debian.org>, Matej Vela <vela@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Mikael Sennerholm <mikan@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wv: Security problem with wv
Date: Wed, 11 Aug 2004 09:34:17 +0200 (CEST)
Package: wv
Version: 0.7.4-1
Severity: grave
Tags: security

Hi!

According to: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645 
a buffer overflow exists in wv (and the library). 

This one is solved in in upstream 1.0.2 version wish exists at:
http://prdownloads.sourceforge.net/wvware

Sincerely
Mikael

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=sv_SE, LC_CTYPE=sv_SE

Versions of packages wv depends on:
ii  libc6                     2.3.2.ds1-15   GNU C Library: Shared libraries an
ii  libexpat1                 1.95.6-8       XML parsing C library - runtime li
ii  libfreetype6              2.1.7-2.2      FreeType 2 font engine, shared lib
ii  libglib2.0-0              2.4.5-2        The GLib library of C routines
ii  libjpeg62                 6b-9           The Independent JPEG Group's JPEG 
ii  libpng12-0                1.2.5.0-7      PNG library - runtime
ii  libwmf0.2-7               0.2.8-1.1      Windows metafile conversion librar
ii  xlibs                     4.3.0.dfsg.1-6 X Window System client libraries m
ii  zlib1g                    1:1.2.1.1-5    compression library - runtime

-- no debconf information



Tags added: sid, sarge Request was from Mikael Sennerholm <mikan@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matej Vela <vela@debian.org>:
Bug#264972; Package wv. Full text and rfc822 format available.

Acknowledgement sent to Mikael Sennerholm <mikan@debian.org>:
Extra info received and forwarded to list. Copy sent to Matej Vela <vela@debian.org>. Full text and rfc822 format available.

Message #12 received at 264972@bugs.debian.org (full text, mbox):

From: Mikael Sennerholm <mikan@debian.org>
To: 264972@bugs.debian.org
Subject: Re: Bug#264972: wv: Security problem with wv
Date: Wed, 11 Aug 2004 14:36:59 +0200
Hi!

I have now created a package for 1.0.2 version of wv. It's located at:
http://www.mikan.net/~mikan/debian/bug264972/

Entry from changelog: 
wv (1.0.2-0.1) unstable; urgency=high

  * NMU to fix security bug, it also applies to the sarge version.

  * New upstream release, with fix for security bugg with
    CAN-2004-0645 (Closes: #264972)

  * wvText.in has changed, so the diff doesn't apply any more.

  * debian/rules L33: Checking for GNUmakefile instead for makefile

  * debian/rules L43: bin/make_epses.sh,bin/wv-*config and share/wv/ttf
    doesn't not exists any more

  * debian/rules L44,L45: Some removed files. README still exists, but
the
    other doesn't exists in 1.0.2.

  * help/man/GNUmakefile.am: L1, adding share to manonedir
    (aclocal-1.8 and automake-1.8 need to be runned after that and give
some
     warnings)

 -- Mikael Sennerholm <mikan@debian.org>  Wed, 11 Aug 2004 11:44:10
+0200

Sincerely
Mikael



Tags added: patch Request was from Mikael Sennerholm <mikan@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed Request was from Mikael Sennerholm <mikan@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Hubert Figuiere <hub@figuiere.net>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Mikael Sennerholm <mikan@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #21 received at 264972-done@bugs.debian.org (full text, mbox):

From: Hubert Figuiere <hub@figuiere.net>
To: 264972-done@bugs.debian.org
Subject: bug fixed
Date: Sun, 26 Feb 2006 00:10:06 -0500
Version: 1.0.2-0.1


version 1.0.2 include that fix. see bug comments
it is in sarge and up.


Hub



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 11:51:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:48:12 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.