Debian Bug report logs - #332424
CAN-2005-3150: Format string vulnerability in log_flush function

Package: weex; Maintainer for weex is Ludovic Drolez <ldrolez@debian.org>; Source for weex is src:weex.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 6 Oct 2005 12:33:07 UTC

Severity: grave

Tags: fixed, security

Fixed in version 2.6.1-6sarge1

Done: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Ludovic Drolez <ldrolez@debian.org>:
Bug#332424; Package weex.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Ludovic Drolez <ldrolez@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-3150: Format string vulnerability in log_flush function
Date: Thu, 06 Oct 2005 14:26:03 +0200
Package: weex
Severity: grave
Tags: security
Justification: user security hole

A remotely exploitable format string vulnerability has been found in
weex. Please see http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
for details and a patch.

Please mention the CVE assignment CAN-2005-3150 in the changelog when
fixing this.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Drolez <ldrolez@debian.org>:
Bug#332424; Package weex.

Acknowledgement sent to Noah Meyerhans <noahm@debian.org>:
Extra info received and forwarded to list. Copy sent to Ludovic Drolez <ldrolez@debian.org>.

Message #10 received at 332424@bugs.debian.org:

From: Noah Meyerhans <noahm@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 332424@bugs.debian.org
Subject: Re: Bug#332424: CAN-2005-3150: Format string vulnerability in log_flush function
Date: Thu, 6 Oct 2005 09:12:35 -0400
On Thu, Oct 06, 2005 at 02:26:03PM +0200, Moritz Muehlenhoff wrote:
> A remotely exploitable format string vulnerability has been found in
> weex. Please see http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
> for details and a patch.

A fix for stable is already being prepared.

noah

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Drolez <ldrolez@debian.org>:
Bug#332424; Package weex.

Acknowledgement sent to Ludovic Drolez <ldrolez@free.fr>:
Extra info received and forwarded to list. Copy sent to Ludovic Drolez <ldrolez@debian.org>.

Message #15 received at 332424@bugs.debian.org:

From: Ludovic Drolez <ldrolez@free.fr>
To: Noah Meyerhans <noahm@debian.org>, 332424@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#332424: CAN-2005-3150: Format string vulnerability in log_flush function
Date: Thu, 06 Oct 2005 20:30:37 +0200

Noah Meyerhans wrote:
> On Thu, Oct 06, 2005 at 02:26:03PM +0200, Moritz Muehlenhoff wrote:
> 
>>A remotely exploitable format string vulnerability has been found in
>>weex. Please see http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
>>for details and a patch.
> 
> 
> A fix for stable is already being prepared.
> 

Thanks! I see that it was trivial to patch.

Cheers,

-- 
Ludovic Drolez.

http://www.palmopensource.com       - The PalmOS Open Source Portal
http://www.drolez.com      - Personal site - Linux and PalmOS stuff



Tags added: fixed Request was from Bastian Kleineidam <calvin@users.sourceforge.net> to control@bugs.debian.org.

Information stored:
Bug#332424; Package weex.

Acknowledgement sent to Bastian Kleineidam <calvin@users.sourceforge.net>:
Extra info received and filed, but not forwarded.

Message #22 received at 332424-quiet@bugs.debian.org:

From: Bastian Kleineidam <calvin@users.sourceforge.net>
To: control@bugs.debian.org, 332424-quiet@bugs.debian.org
Subject: tagging
Date: Mon, 09 Jan 2006 00:44:20 +0100

tags 332424 + fixed
thanks

This bug is fixed by NMU.

Regards,
- --
  ,''`.                  Bastian Kleineidam
 : :' :                    GnuPG key
 `. `'    gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E
   `-




Bug marked as fixed in version 2.6.1-6sarge1, send any further explanations to Moritz Muehlenhoff <jmm@inutil.org> Request was from "Adam D. Barratt" <debian-bts@adam-barratt.org.uk> to control@bugs.debian.org.

Message sent on to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#332424.

Message #27 received at 332424-submitter@bugs.debian.org:

From: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
Subject: Bugs fixed in NMU, documenting versions
Date: Sun, 22 Oct 2006 23:09:18 +0100
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers.  With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
# relevant version information now

close 331601 0.11.3-1.3
close 331607 0.11.3-1.3
close 332216 2005.08.R1-1.1
close 332237 0.11.3-1.4
close 332389 3.1.2-0.1
close 332424 2.6.1-6sarge1
close 325490 0.7.1-1.1
close 332451 0.7.1-1.1
close 332507 0.4.5+cvs20030824-1.5
close 332702 1.5-2.1
close 332703 2.1.19-1.7
close 332808 2.0.12-1.5
close 332896 2.6.2.pre2-1.1
close 333035 0.12-8.1
close 342420 0.12-8.1
close 333046 2.2-5.1
close 333460 1.0-23.2
close 333857 1.0-23.2
close 333885 1.0.20040603-1.1
close 340743 1.0.20040603-1.1
close 334252 20031130-2.1
close 334320 1.4.2-5.1
close 334651 3.0-4.1
close 335126 0.5.3-1.1
close 335144 3.1.1-4.1
close 335146 0.2-1.1
close 335252 0.4.0-1.1
close 335274 0.13-3.2
close 335567 0.4.5+cvs20030824-1.6
close 335719 3.0.cvs20050714-1.1
close 335842 3.10-1.1
close 336168 1.4-2.1
close 336312 0.2.4-4.1
close 336485 2.1.19.dfsg1-0.3
close 379846 2.1.19.dfsg1-0.3
close 336535 2005.08.R1-1.2
close 336710 1:3.2.6-2.1
close 337246 1.0.1-6.1
close 337453 0.9b3-2.1
close 337495 2.09-2sarge1
close 337576 20.0-1.1
close 337593 1.1.3-5.1
close 339192 1.1.3-5.1
close 346695 1.1.3-5.1
close 347154 1.1.3-5.1
close 337708 1.20-2.1
close 337711 0.5-0.2
close 338327 1.9-11.1
close 340076 1.9-11.1
close 345223 1.9-11.1
close 338370 1.35-4.1
close 338432 2.3.3-6.2
close 338483 0.95-1.3
close 338537 1.6-1.1
close 338920 46-2.1
close 339024 4.2.24-1.1
close 341234 4.2.24-1.1
close 339073 1.5.19-20+sarge1
close 339103 0.5.0-1.1
close 339187 6:6.2.4.5-0.3
close 339220 0.6.5-2
close 339225 1.0.4-1.2
close 339226 2.6.1-2.2
close 339236 2.6.2.pre2-1.2
close 339241 1.2.2-4.1
close 339250 6.4-1.1
close 339267 4.2.0-8.1
close 339268 0.7.2-1.1
close 339280 0.1.5.9+cvs.2004.02.07-3.3
close 339711 2.0pl5-19.4
close 339806 0.8pre1-6.1
close 339835 2.11b-1.4
close 340010 1.3-2.2
close 340084 1:1.2.3-9.1
close 340163 0.2.9-5.1
close 340174 0.99.44-0.1
close 340516 1.1.6-2.1
close 340577 1.1.0.20050815-2.1
close 341011 1.8-1.1
close 341975 0.70.1-1.1
close 342035 0.70.1-1.1
close 342322 9.4.2-2.5
close 346188 9.4.2-2.5
close 347153 9.4.2-2.5
close 343035 0.3b.19990815-3.1
close 343771 4.3.9-2.1
close 343782 1.3.13.1-4.1
close 343795 0.5.8-0.1
close 343804 0.3.7-4.1
close 343912 0.0.4-2.1
close 343989 8.4.11-1.1
close 344029 2.1-5.1
close 344254 2.0.9-3.2
close 344447 0.79-3.1
close 344503 9.4.2-2.7
close 345737 2.1.19-1.8
close 345880 2.1.19-1.8
close 344742 0.1.14-1.1




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 22:33:44 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:19:31 2014; Machine Name: buxtehude.debian.org
