Debian Bug report logs - #457300
peercast: CVE-2007-6454 heap-based buffer overflow possibly leading to code execution

version graph

Package: peercast; Maintainer for peercast is (unknown);

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 21 Dec 2007 11:57:01 UTC

Severity: grave

Tags: patch, security

Found in version peercast/0.1217.toots.20060314-1

Fixed in versions peercast/0.1218+svn20071220+2-1, peercast/0.1217.toots.20060314-1etch0

Done: Romain Beauxis <toots@rastageeks.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Romain Beauxis <toots@rastageeks.org>:
Bug#457300; Package peercast. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Romain Beauxis <toots@rastageeks.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: peercast: CVE-2007-6454 heap-based buffer overflow possibly leading to code execution
Date: Fri, 21 Dec 2007 12:55:50 +0100
[Message part 1 (text/plain, inline)]
Package: peercast
Version: 0.1217.toots.20060314-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for peercast.

CVE-2007-6454[0]:
| Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp
| in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote
| attackers to cause a denial of service and possibly execute arbitrary
| code via a long SOURCE request.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

Attached is a patch extracted from the upstream svn to fix 
this.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[CVE-2007-6454.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Romain Beauxis <toots@rastageeks.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 457300-done@bugs.debian.org (full text, mbox):

From: Romain Beauxis <toots@rastageeks.org>
To: 457300-done@bugs.debian.org
Subject: Re: Bug#457300: peercast: CVE-2007-6454 heap-based buffer overflow possibly leading to code execution
Date: Fri, 21 Dec 2007 13:10:05 +0100
Package: peercast
Version: 0.1218+svn20071220+2


	Hi !

This fix was uploaded yesterday !

Should we prepare a backport for current etch package ?


Romain


Le Friday 21 December 2007 12:55:50 Nico Golde, vous avez écrit :
> Package: peercast
> Version: 0.1217.toots.20060314-1
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for peercast.
>
> CVE-2007-6454[0]:
> | Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp
> | in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote
> | attackers to cause a denial of service and possibly execute arbitrary
> | code via a long SOURCE request.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> Attached is a patch extracted from the upstream svn to fix
> this.
>
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454
>
> Kind regards
> Nico






Bug no longer marked as fixed in version 0.1218+svn20071220+2. Request was from Romain Beauxis <toots@rastageeks.org> to control@bugs.debian.org. (Fri, 21 Dec 2007 12:21:05 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 0.1218+svn20071220+2-1. Request was from Romain Beauxis <toots@rastageeks.org> to control@bugs.debian.org. (Fri, 21 Dec 2007 12:21:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Romain Beauxis <toots@rastageeks.org>:
Bug#457300; Package peercast. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Romain Beauxis <toots@rastageeks.org>. Full text and rfc822 format available.

Message #19 received at 457300@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 457300@bugs.debian.org
Subject: Re: Bug#457300 closed by Romain Beauxis <toots@rastageeks.org> (Re: Bug#457300: peercast: CVE-2007-6454 heap-based buffer overflow possibly leading to code execution)
Date: Fri, 21 Dec 2007 13:25:56 +0100
[Message part 1 (text/plain, inline)]
Hi,
> This fix was uploaded yesterday !

Cool thanks! I just fetched the package with apt-get source 
and had to old version :(

> Should we prepare a backport for current etch package ?

Please contact team@security.debian.org, this could be a 
candidate for a DSA. I will watch the migration to testing 
and prepare a testing-security update if I encounter any 
problems with it.

Kind regards
Nico

P.S. Why on earth did the peercast people reimplement the 
c++ String class? ;-P
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Romain Beauxis <toots@rastageeks.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #24 received at 457300-close@bugs.debian.org (full text, mbox):

From: Romain Beauxis <toots@rastageeks.org>
To: 457300-close@bugs.debian.org
Subject: Bug#457300: fixed in peercast 0.1217.toots.20060314-1etch0
Date: Fri, 28 Dec 2007 19:52:19 +0000
Source: peercast
Source-Version: 0.1217.toots.20060314-1etch0

We believe that the bug you reported is fixed in the latest version of
peercast, which is due to be installed in the Debian FTP archive:

libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
  to pool/main/p/peercast/peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
peercast_0.1217.toots.20060314-1etch0.diff.gz
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.diff.gz
peercast_0.1217.toots.20060314-1etch0.dsc
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.dsc
peercast_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 457300@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <toots@rastageeks.org> (supplier of updated peercast package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Dec 2007 16:40:20 +0100
Source: peercast
Binary: libpeercast0 peercast-handlers peercast-servent peercast libpeercast0-dev
Architecture: source amd64 all
Version: 0.1217.toots.20060314-1etch0
Distribution: stable-security
Urgency: high
Maintainer: Romain Beauxis <toots@rastageeks.org>
Changed-By: Romain Beauxis <toots@rastageeks.org>
Description: 
 libpeercast0 - P2P audio and video streaming server libraries
 libpeercast0-dev - P2P audio and video streaming server -- development
 peercast   - P2P audio and video streaming server metapackage
 peercast-handlers - P2P audio and video streaming handlers
 peercast-servent - P2P audio and video streaming servent
Closes: 457300
Changes: 
 peercast (0.1217.toots.20060314-1etch0) stable-security; urgency=high
 .
   * Fixed CVE-2007-6454:
     | Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp
     | in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote
     | attackers to cause a denial of service and possibly execute arbitrary
     | code via a long SOURCE request.
     Closes: #457300
Files: 
 153071edd20929f6113345ed9d127853 778 sound optional peercast_0.1217.toots.20060314-1etch0.dsc
 d9e83aa7e66f4d3b160d7c4c8b2a3a4f 534016 sound optional peercast_0.1217.toots.20060314.orig.tar.gz
 2f7264e5f9bdff6eb74cfe6b26496534 6276 sound optional peercast_0.1217.toots.20060314-1etch0.diff.gz
 8063dd0125fdc41505554387b433fa91 6644 sound optional peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
 3f4ed56979f0a071eb32a0b7d06d06ad 2710 sound optional peercast_0.1217.toots.20060314-1etch0_amd64.deb
 73d27cd6c28cbf5fd6e8bd29645e6e7d 50586 sound optional peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
 b7861763bffb0c495e96e3bb23155e4e 171950 libs optional libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
 17c96525ac00cbfe172c6dbf78495649 323544 libdevel optional libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHcQ/NnuQ3Rt5ZmAARAlVAAJ4vC3WqOkv1MYkDQiyACGZul2HkAwCgneL9
45lJpb+YyTb9jatNKHQsrdE=
=lcrd
-----END PGP SIGNATURE-----





Reply sent to Romain Beauxis <toots@rastageeks.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #29 received at 457300-close@bugs.debian.org (full text, mbox):

From: Romain Beauxis <toots@rastageeks.org>
To: 457300-close@bugs.debian.org
Subject: Bug#457300: fixed in peercast 0.1217.toots.20060314-1etch0
Date: Sat, 16 Feb 2008 12:17:24 +0000
Source: peercast
Source-Version: 0.1217.toots.20060314-1etch0

We believe that the bug you reported is fixed in the latest version of
peercast, which is due to be installed in the Debian FTP archive:

libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
  to pool/main/p/peercast/peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
peercast_0.1217.toots.20060314-1etch0.diff.gz
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.diff.gz
peercast_0.1217.toots.20060314-1etch0.dsc
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.dsc
peercast_0.1217.toots.20060314-1etch0_amd64.deb
  to pool/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 457300@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <toots@rastageeks.org> (supplier of updated peercast package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Dec 2007 16:40:20 +0100
Source: peercast
Binary: libpeercast0 peercast-handlers peercast-servent peercast libpeercast0-dev
Architecture: source amd64 all
Version: 0.1217.toots.20060314-1etch0
Distribution: stable-security
Urgency: high
Maintainer: Romain Beauxis <toots@rastageeks.org>
Changed-By: Romain Beauxis <toots@rastageeks.org>
Description: 
 libpeercast0 - P2P audio and video streaming server libraries
 libpeercast0-dev - P2P audio and video streaming server -- development
 peercast   - P2P audio and video streaming server metapackage
 peercast-handlers - P2P audio and video streaming handlers
 peercast-servent - P2P audio and video streaming servent
Closes: 457300
Changes: 
 peercast (0.1217.toots.20060314-1etch0) stable-security; urgency=high
 .
   * Fixed CVE-2007-6454:
     | Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp
     | in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote
     | attackers to cause a denial of service and possibly execute arbitrary
     | code via a long SOURCE request.
     Closes: #457300
Files: 
 153071edd20929f6113345ed9d127853 778 sound optional peercast_0.1217.toots.20060314-1etch0.dsc
 d9e83aa7e66f4d3b160d7c4c8b2a3a4f 534016 sound optional peercast_0.1217.toots.20060314.orig.tar.gz
 2f7264e5f9bdff6eb74cfe6b26496534 6276 sound optional peercast_0.1217.toots.20060314-1etch0.diff.gz
 8063dd0125fdc41505554387b433fa91 6644 sound optional peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
 3f4ed56979f0a071eb32a0b7d06d06ad 2710 sound optional peercast_0.1217.toots.20060314-1etch0_amd64.deb
 73d27cd6c28cbf5fd6e8bd29645e6e7d 50586 sound optional peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
 b7861763bffb0c495e96e3bb23155e4e 171950 libs optional libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
 17c96525ac00cbfe172c6dbf78495649 323544 libdevel optional libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHcQ/NnuQ3Rt5ZmAARAlVAAJ4vC3WqOkv1MYkDQiyACGZul2HkAwCgneL9
45lJpb+YyTb9jatNKHQsrdE=
=lcrd
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 07:36:44 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:29:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.