Debian Bug report logs - #492742
CVE-2008-3252: buffer overflow

version graph

Package: newsx; Maintainer for newsx is (unknown);

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Mon, 28 Jul 2008 15:12:02 UTC

Severity: grave

Tags: patch, security

Fixed in version newsx/1.6-3

Done: Andreas Metzler <ametzler@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Andreas Metzler <ametzler@debian.org>:
Bug#492742; Package newsx. Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Andreas Metzler <ametzler@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-3252: buffer overflow
Date: Tue, 29 Jul 2008 01:08:27 +1000
[Message part 1 (text/plain, inline)]
Package: newsx
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for newsx.

CVE-2008-3252[0]:
| Stack-based buffer overflow in the read_article function in
| getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
| code via a news article containing a large number of lines starting
| with a period.

There is a redhat bugreport[1] with more information and I've attached their patch.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3252
    http://security-tracker.debian.net/tracker/CVE-2008-3252

[1] https://bugzilla.redhat.com/show_bug.cgi?id=454483
[CVE-2008-3252.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Andreas Metzler <ametzler@debian.org>:
Bug#492742; Package newsx. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Andreas Metzler <ametzler@debian.org>. Full text and rfc822 format available.

Message #10 received at 492742@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 492742@bugs.debian.org
Subject: Re: Bug#492742: CVE-2008-3252: buffer overflow
Date: Mon, 28 Jul 2008 19:09:07 +0200
On 2008-07-28 Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> Package: newsx
> Severity: grave
> Tags: security, patch
> Justification: user security hole

> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for newsx.

> CVE-2008-3252[0]:
> | Stack-based buffer overflow in the read_article function in
> | getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
> | code via a news article containing a large number of lines starting
> | with a period.

> There is a redhat bugreport[1] with more information and I've
> attached their patch.

> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
[...]

Thanks for a perfect bug report, will upload soon.
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 492742-close@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@debian.org>
To: 492742-close@bugs.debian.org
Subject: Bug#492742: fixed in newsx 1.6-3
Date: Mon, 28 Jul 2008 17:32:17 +0000
Source: newsx
Source-Version: 1.6-3

We believe that the bug you reported is fixed in the latest version of
newsx, which is due to be installed in the Debian FTP archive:

newsx_1.6-3.diff.gz
  to pool/main/n/newsx/newsx_1.6-3.diff.gz
newsx_1.6-3.dsc
  to pool/main/n/newsx/newsx_1.6-3.dsc
newsx_1.6-3_i386.deb
  to pool/main/n/newsx/newsx_1.6-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 492742@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated newsx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Jul 2008 18:55:36 +0200
Source: newsx
Binary: newsx
Architecture: source i386
Version: 1.6-3
Distribution: unstable
Urgency: high
Maintainer: Andreas Metzler <ametzler@debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description: 
 newsx      - An NNTP client for posting and fetching news
Closes: 492742
Changes: 
 newsx (1.6-3) unstable; urgency=high
 .
   * Fix CVE-2008-3252 buffer overflow (Closes: #492742) using the (one-line)
     patch from RedHat BZ#454483.
   * Acknowledge NMU, Thank you, Chris.
Checksums-Sha1: 
 31afbef9c506cd1621c2d73b3a01b5cb4c2213c2 991 newsx_1.6-3.dsc
 fe0fdc70f77898298bc752820c9cb6765857d4b2 105818 newsx_1.6-3.diff.gz
 7b44f0093e8294d13b2c55620d65878103e67a06 149238 newsx_1.6-3_i386.deb
Checksums-Sha256: 
 160de0d7138229205a5c0ef99267eabedb7ad391645e6697b8b71c5c670c6835 991 newsx_1.6-3.dsc
 35adbf99c4616d288641d9a24e94acc32389ac89e930ce0fc97bc922ce7c30e3 105818 newsx_1.6-3.diff.gz
 c1b7ba2fe5d9977f29763b98c668cb6332240cc4caba91d9a78247750b0ada62 149238 newsx_1.6-3_i386.deb
Files: 
 df1dcdc8fba9eb02edb304b1fb257dea 991 news extra newsx_1.6-3.dsc
 0d6afc8f148a6d352a1d2da3cc45f244 105818 news extra newsx_1.6-3.diff.gz
 c7e25fd7a769f1e21f1b7afdcf812a76 149238 news extra newsx_1.6-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIjf9yHTOcZYuNdmMRApVOAJ96zQ5l+lRelif6DEfqIuRrzOremwCfd+W5
nYXvSR2QBd9y+1YLeQ4hr1s=
=toWv
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 08:49:38 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 04:53:44 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.