Debian Bug report logs - #591443
CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns

Package: socat; Maintainer for socat is Chris Taylor <ctaylor@debian.org>; Source for socat is src:socat.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 3 Aug 2010 06:03:02 UTC

Severity: grave

Tags: security

Fixed in versions socat/1.7.1.3-1, socat/1.6.0.1-1+lenny1

Done: Luciano Bello <luciano@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Taylor <ctaylor@debian.org>:
Bug#591443; Package socat. (Tue, 03 Aug 2010 06:03:04 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Taylor <ctaylor@debian.org>. (Tue, 03 Aug 2010 06:03:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns
Date: Tue, 03 Aug 2010 01:58:58 -0400
Package: socat
Severity: grave
Tags: security

This is CVE-2010-2799:
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages socat depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libreadline5                  5.2-7      GNU readline and history libraries
ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries
ii  libwrap0                      7.6.q-19   Wietse Venema's TCP wrappers libra

socat recommends no packages.

socat suggests no packages.




Reply sent to Chris Taylor <ctaylor@debian.org>:
You have taken responsibility. (Tue, 03 Aug 2010 09:15:14 GMT)

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 03 Aug 2010 09:15:14 GMT)

Message #10 received at 591443-close@bugs.debian.org:

From: Chris Taylor <ctaylor@debian.org>
To: 591443-close@bugs.debian.org
Subject: Bug#591443: fixed in socat 1.7.1.3-1
Date: Tue, 03 Aug 2010 09:10:48 +0000
Source: socat
Source-Version: 1.7.1.3-1

We believe that the bug you reported is fixed in the latest version of
socat, which is due to be installed in the Debian FTP archive:

socat_1.7.1.3-1.debian.tar.gz
  to main/s/socat/socat_1.7.1.3-1.debian.tar.gz
socat_1.7.1.3-1.dsc
  to main/s/socat/socat_1.7.1.3-1.dsc
socat_1.7.1.3-1_amd64.deb
  to main/s/socat/socat_1.7.1.3-1_amd64.deb
socat_1.7.1.3.orig.tar.gz
  to main/s/socat/socat_1.7.1.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Taylor <ctaylor@debian.org> (supplier of updated socat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 Aug 2010 06:07:55 +0000
Source: socat
Binary: socat
Architecture: source amd64
Version: 1.7.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Chris Taylor <ctaylor@debian.org>
Changed-By: Chris Taylor <ctaylor@debian.org>
Description: 
 socat      - multipurpose relay for bidirectional data transfer
Closes: 591443
Changes: 
 socat (1.7.1.3-1) unstable; urgency=low
 .
   * New upstream release.
   * Upstream release fixes CVE-2010-2799 (Closes: #591443)
   * Bump Standards-Version.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxXtvgACgkQLpNUoan9SCG64wCeOcoYZ6f5UQxItyTK46HQW4xm
bUkAn3XRtbFiWFbaDRnNNgGJKIWSn0EK
=eDaq
-----END PGP SIGNATURE-----





Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Sat, 07 Aug 2010 08:00:03 GMT)

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 07 Aug 2010 08:00:03 GMT)

Message #15 received at 591443-close@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: 591443-close@bugs.debian.org
Subject: Bug#591443: fixed in socat 1.6.0.1-1+lenny1
Date: Sat, 07 Aug 2010 07:57:04 +0000
Source: socat
Source-Version: 1.6.0.1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
socat, which is due to be installed in the Debian FTP archive:

socat_1.6.0.1-1+lenny1.diff.gz
  to main/s/socat/socat_1.6.0.1-1+lenny1.diff.gz
socat_1.6.0.1-1+lenny1.dsc
  to main/s/socat/socat_1.6.0.1-1+lenny1.dsc
socat_1.6.0.1-1+lenny1_i386.deb
  to main/s/socat/socat_1.6.0.1-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated socat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 Aug 2010 18:21:01 -0300
Source: socat
Binary: socat
Architecture: source i386
Version: 1.6.0.1-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Thomas Seyrat <tomasera@debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 socat      - multipurpose relay for bidirectional data transfer
Closes: 591443
Changes: 
 socat (1.6.0.1-1+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2010-2799: Stack overflow by lexical scanning of nested character
     patterns (closes: #591443)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxYrVAACgkQQWTRs4lLtHnr+wCgrELK4YGaippsTO4zHQhIX6xu
ZtIAoJ1JOVpEgSHKlBPSZL5hzVpUb2Oz
=W0B5
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jul 2011 07:36:03 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:17:28 2014; Machine Name: buxtehude.debian.org