Debian Bug report logs - #416038
Several NAS security bugs

version graph

Package: nas; Maintainer for nas is Steve McIntyre <93sam@debian.org>; Source for nas is src:nas.

Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Sat, 24 Mar 2007 10:09:01 UTC

Severity: grave

Tags: security

Fixed in version nas/1.8-4

Done: Steve McIntyre <93sam@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Steve McIntyre <93sam@debian.org>:
Bug#416038; Package nas. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Steve McIntyre <93sam@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: Several NAS security bugs
Date: Sat, 24 Mar 2007 11:08:27 +0100
Package: nas
Tags: security
Severity: grave

Several bugs in the Network Audio System have been disclosed:

<http://aluigi.altervista.org/adv/nasbugs-adv.txt>

The CVE project has assigned the names CVE-2007-1543, CVE-2007-1544,
CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547 to these
vulnerabilities.  Please mention them in the changelog when fixing the
bugs.



Information forwarded to debian-bugs-dist@lists.debian.org, Steve McIntyre <93sam@debian.org>:
Bug#416038; Package nas. Full text and rfc822 format available.

Acknowledgement sent to Steve McIntyre <steve@einval.com>:
Extra info received and forwarded to list. Copy sent to Steve McIntyre <93sam@debian.org>. Full text and rfc822 format available.

Message #10 received at 416038@bugs.debian.org (full text, mbox):

From: Steve McIntyre <steve@einval.com>
To: Florian Weimer <fw@deneb.enyo.de>, 416038@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#416038: Several NAS security bugs
Date: Sun, 25 Mar 2007 23:30:13 +0100
[Message part 1 (text/plain, inline)]
On Sat, Mar 24, 2007 at 11:08:27AM +0100, Florian Weimer wrote:
>Package: nas
>Tags: security
>Severity: grave
>
>Several bugs in the Network Audio System have been disclosed:
>
><http://aluigi.altervista.org/adv/nasbugs-adv.txt>
>
>The CVE project has assigned the names CVE-2007-1543, CVE-2007-1544,
>CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547 to these
>vulnerabilities.  Please mention them in the changelog when fixing the
>bugs.

I'm working on updates for both sarge and etch now. Upstream just
released a new version which I'll put into sid, and the diffs from the
last version are clear, easy to follow and well documented. I *like*
the nas upstream... :-)

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds
[signature.asc (application/pgp-signature, inline)]

Reply sent to Steve McIntyre <93sam@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 416038-close@bugs.debian.org (full text, mbox):

From: Steve McIntyre <93sam@debian.org>
To: 416038-close@bugs.debian.org
Subject: Bug#416038: fixed in nas 1.8-4
Date: Mon, 26 Mar 2007 00:32:02 +0000
Source: nas
Source-Version: 1.8-4

We believe that the bug you reported is fixed in the latest version of
nas, which is due to be installed in the Debian FTP archive:

libaudio-dev_1.8-4_i386.deb
  to pool/main/n/nas/libaudio-dev_1.8-4_i386.deb
libaudio2_1.8-4_i386.deb
  to pool/main/n/nas/libaudio2_1.8-4_i386.deb
nas-bin_1.8-4_i386.deb
  to pool/main/n/nas/nas-bin_1.8-4_i386.deb
nas-doc_1.8-4_all.deb
  to pool/main/n/nas/nas-doc_1.8-4_all.deb
nas_1.8-4.diff.gz
  to pool/main/n/nas/nas_1.8-4.diff.gz
nas_1.8-4.dsc
  to pool/main/n/nas/nas_1.8-4.dsc
nas_1.8-4_i386.deb
  to pool/main/n/nas/nas_1.8-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 416038@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated nas package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 26 Mar 2007 00:29:10 +0100
Source: nas
Binary: nas-doc libaudio-dev nas libaudio2 nas-bin
Architecture: source i386 all
Version: 1.8-4
Distribution: unstable
Urgency: high
Maintainer: Steve McIntyre <93sam@debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Description: 
 libaudio-dev - The Network Audio System (NAS). (development files)
 libaudio2  - The Network Audio System (NAS). (shared libraries)
 nas        - The Network Audio System (NAS). (local server)
 nas-bin    - The Network Audio System (NAS). (client binaries)
 nas-doc    - The Network Audio System (NAS). (extra documentation)
Closes: 416038
Changes: 
 nas (1.8-4) unstable; urgency=high
 .
    * High-urgency upload to fix multiple security holes (CVE-2007-1543,
      CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
     + accept_att_local buffer overflow through USL connection
     + server termination through unexistent ID in AddResource
     + bcopy crash caused by integer overflow in ProcAuWriteElement
     + invalid memory pointer caused by big num_actions in
       ProcAuSetElements
     + another invalid memory pointer caused by big num_actions in
       ProcAuSetElements
     + invalid memory pointer in compileInputs
     + exploits bug 3 in read mode (requires something playing on
       the server)
     + NULL pointer caused by too much connections
     + Closes: #416038
Files: 
 9aa8fa5e47bd1b7281ffd77f30c0a7f2 715 sound optional nas_1.8-4.dsc
 7f9a5cdfeb39b3ec36f2314ecea87214 488564 sound optional nas_1.8-4.diff.gz
 5fb310aeef5d5c0ad65aa0887f6e9bb7 151780 doc extra nas-doc_1.8-4_all.deb
 fe56bf4843b5396ab9044799d2ffa6e5 101526 sound optional nas_1.8-4_i386.deb
 e1035ce0a66ed2022f169e8cbfb6057e 496384 sound extra nas-bin_1.8-4_i386.deb
 43d0541380860eb26ad07bcd212680e5 73426 libs optional libaudio2_1.8-4_i386.deb
 7776942340fedf8506f54e7b0d519e5b 1102850 libdevel optional libaudio-dev_1.8-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGBw4lfDt5cIjHwfcRAuAwAJ42f/Xy6bwZS8kuEQtCIBlKrR0m1gCfTxAY
DVm88GcYyYweSjlbNUDu8YQ=
=nmeb
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Steve McIntyre <93sam@debian.org>:
Bug#416038; Package nas. Full text and rfc822 format available.

Acknowledgement sent to Steve McIntyre <steve@einval.com>:
Extra info received and forwarded to list. Copy sent to Steve McIntyre <93sam@debian.org>. Full text and rfc822 format available.

Message #20 received at 416038@bugs.debian.org (full text, mbox):

From: Steve McIntyre <steve@einval.com>
To: Florian Weimer <fw@deneb.enyo.de>, 416038@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#416038: Several NAS security bugs
Date: Mon, 26 Mar 2007 02:26:45 +0100
[Message part 1 (text/plain, inline)]
On Sun, Mar 25, 2007 at 11:30:13PM +0100, Steve McIntyre wrote:
>On Sat, Mar 24, 2007 at 11:08:27AM +0100, Florian Weimer wrote:
>>Package: nas
>>Tags: security
>>Severity: grave
>>
>>Several bugs in the Network Audio System have been disclosed:
>>
>><http://aluigi.altervista.org/adv/nasbugs-adv.txt>
>>
>>The CVE project has assigned the names CVE-2007-1543, CVE-2007-1544,
>>CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547 to these
>>vulnerabilities.  Please mention them in the changelog when fixing the
>>bugs.
>
>I'm working on updates for both sarge and etch now. Upstream just
>released a new version which I'll put into sid, and the diffs from the
>last version are clear, easy to follow and well documented. I *like*
>the nas upstream... :-)

New versions for sid/etch and sarge now uploaded.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"The problem with defending the purity of the English language is that
 English is about as pure as a cribhouse whore. We don't just borrow words; on
 occasion, English has pursued other languages down alleyways to beat them
 unconscious and rifle their pockets for new vocabulary."  -- James D. Nicoll
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 07:07:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:27:33 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.