Debian Bug report logs - #631161
kfreebsd-8: cve-2011-2480 info disclosure


Package: kfreebsd-8; Maintainer for kfreebsd-8 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Mon, 20 Jun 2011 21:51:05 UTC

Severity: important

Tags: security

Found in version 8.1

Fixed in version kfreebsd-8/8.2-3

Done: Petr Salinger <Petr.Salinger@seznam.cz>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#631161; Package kfreebsd-8. (Mon, 20 Jun 2011 21:51:08 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Mon, 20 Jun 2011 21:51:08 GMT)

Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: kfreebsd-8: cve-2011-2480 info disclosure
Date: Mon, 20 Jun 2011 17:49:59 -0400
package: kfreebsd-8
version: 8.1
severity: important
tags: security

a vulnerability has been disclosed for freebsd.  the affected code is
present in the kfreebsd-8 package:
http://openwall.com/lists/oss-security/2011/06/16/1




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#631161; Package kfreebsd-8. (Mon, 20 Jun 2011 23:06:03 GMT)

Acknowledgement sent to Robert Millan <rmh@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Mon, 20 Jun 2011 23:06:03 GMT)

Message #10 received at 631161@bugs.debian.org:

From: Robert Millan <rmh@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 631161@bugs.debian.org
Subject: Re: Bug#631161: kfreebsd-8: cve-2011-2480 info disclosure
Date: Tue, 21 Jun 2011 01:01:59 +0200
2011/6/20 Michael Gilbert <michael.s.gilbert@gmail.com>:
> http://openwall.com/lists/oss-security/2011/06/16/1

"The issue only affects certain non-x86 architectures,
such as SPARC."

-- 
Robert Millan




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#631161; Package kfreebsd-8. (Mon, 20 Jun 2011 23:24:07 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Mon, 20 Jun 2011 23:24:07 GMT)

Message #15 received at 631161@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 631161@bugs.debian.org
Subject: Re: Bug#631161: kfreebsd-8: cve-2011-2480 info disclosure
Date: Mon, 20 Jun 2011 19:24:06 -0400
Robert Millan wrote:

> 2011/6/20 Michael Gilbert <michael.s.gilbert@gmail.com>:
> > http://openwall.com/lists/oss-security/2011/06/16/1
> 
> "The issue only affects certain non-x86 architectures,
> such as SPARC."

looking at the commit itself [0], i find Dan's conclusion rather
surprising. the affected code is in the 802.11 stack, so it seems like
it should be platform-independent.  i doubt x86 is any better at
handling signedness issues, but i suppose i could be missing something.

best wishes,
mike

[0] http://svnweb.freebsd.org/base?view=revision&revision=223145




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#631161; Package kfreebsd-8. (Sat, 25 Jun 2011 11:58:17 GMT)

Acknowledgement sent to Robert Millan <rmh@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Sat, 25 Jun 2011 11:58:17 GMT)

Message #20 received at 631161@bugs.debian.org:

From: Robert Millan <rmh@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 631161@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: Bug#631161: kfreebsd-8: cve-2011-2480 info disclosure
Date: Sat, 25 Jun 2011 13:32:42 +0200
2011/6/21 Michael Gilbert <michael.s.gilbert@gmail.com>:
> looking at the commit itself [0], i find Dan's conclusion rather
> surprising. the affected code is in the 802.11 stack, so it seems like
> it should be platform-independent.  i doubt x86 is any better at
> handling signedness issues, but i suppose i could be missing something.

Fix uploaded to unstable and experimental.

debian-security: Patch is available in r3480 in glibc-bsd SVN (attached
for your convenience).

-- 
Robert Millan
[r3480.diff (text/plain, attachment)]

Reply sent to Robert Millan <rmh@debian.org>:
You have taken responsibility. (Sun, 18 Sep 2011 08:40:38 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 18 Sep 2011 08:40:39 GMT)

Message #25 received at 631161-done@bugs.debian.org:

From: Robert Millan <rmh@debian.org>
To: 631161-done@bugs.debian.org
Subject: this was fixed in June
Date: Sun, 18 Sep 2011 10:37:57 +0200
Fixed: 8.2-3

-- 
Robert Millan




Reply sent to Petr Salinger <Petr.Salinger@seznam.cz>:
You have taken responsibility. (Sun, 18 Sep 2011 09:28:24 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 18 Sep 2011 09:28:25 GMT)

Message #30 received at 631161-close@bugs.debian.org:

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: 631161-close@bugs.debian.org
Subject: Re: Bug#631161: marked as done
Date: Sun, 18 Sep 2011 11:36:35 +0200 (CEST)
Source: kfreebsd-8
Source-Version: 8.2-3
Version: 8.2-3

kfreebsd-8 (8.2-3) unstable; urgency=medium
 .
   * Fix net802.11 stack kernel memory disclosure (CVE-2011-2480).
     (Closes: #631160)
     - 000_net80211_disclosure.diff

631160 has been reported against kfreebsd-9
and 631161 has been reported against kfreebsd-8;
both are CVE-2011-2480.

Petr





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 17 Nov 2011 07:36:22 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:03:43 2014; Machine Name: beach.debian.org
