Debian Bug report logs - #631344
opie: off by one in opiesu

version graph

Package: opie; Maintainer for opie is Michael Stone <>;

Reported by: Luciano Bello <>

Date: Thu, 23 Jun 2011 03:06:02 UTC

Severity: serious

Fixed in version opie/2.32.dfsg.1-0.2+squeeze1

Done: Steffen Joeris <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Michael Stone <>:
Bug#631344; Package opie. (Thu, 23 Jun 2011 03:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <>:
New Bug report received and forwarded. Copy sent to Michael Stone <>. (Thu, 23 Jun 2011 03:06:05 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Luciano Bello <>
Subject: opie: off by one in opiesu
Date: Thu, 23 Jun 2011 00:02:31 -0300
Package: opie
Severity: serious
Tags: important

  A security bug has been reported in opiesu[1]. A patch by Novell is can be 
found here:

Please, considerer port this patch for stable and oldstable.

Thanks a lot for all your help,



Reply sent to Steffen Joeris <>:
You have taken responsibility. (Fri, 22 Jul 2011 20:00:08 GMT) Full text and rfc822 format available.

Notification sent to Luciano Bello <>:
Bug acknowledged by developer. (Fri, 22 Jul 2011 20:00:08 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Steffen Joeris <>
Subject: Bug#631344: fixed in opie 2.32.dfsg.1-0.2+squeeze1
Date: Fri, 22 Jul 2011 19:56:49 +0000
Source: opie
Source-Version: 2.32.dfsg.1-0.2+squeeze1

We believe that the bug you reported is fixed in the latest version of
opie, which is due to be installed in the Debian FTP archive:

  to main/o/opie/libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb
  to main/o/opie/opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
  to main/o/opie/opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
  to main/o/opie/opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
  to main/o/opie/opie_2.32.dfsg.1-0.2+squeeze1.dsc

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Steffen Joeris <> (supplier of updated opie package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.8
Date: Tue, 19 Jul 2011 22:21:04 +1000
Source: opie
Binary: opie-client opie-server libopie-dev
Architecture: source amd64
Version: 2.32.dfsg.1-0.2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Michael Stone <>
Changed-By: Steffen Joeris <>
 libopie-dev - OPIE library development files.
 opie-client - OPIE programs for generating OTPs on client machines
 opie-server - OPIE programs for maintaining an OTP key file
Closes: 631344 631345
 opie (2.32.dfsg.1-0.2+squeeze1) stable-security; urgency=high
   * Non-maintainer upload by the security team
   * Fix off-by-one and privilege escalation via missing check for
     setuid() (Closes: #631344, #631345)
     Fixes: CVE-2011-2489 CVE-2011-2490
 536316d93cd23eb3b508b11aeaeb689fe7cfe834 1060 opie_2.32.dfsg.1-0.2+squeeze1.dsc
 111e543d61c94c005b41283adbf3789053d98fce 158349 opie_2.32.dfsg.1.orig.tar.gz
 675cded4faa1136ec8ae6a1a9e7906d47de11cf3 14774 opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
 6234370a18d1c6835b1de560cf423a14e7494dbe 43824 opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 83a2bdd11c2cabaab59d618e2af6b3cb9f3c4137 46838 opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 eea9aba861766325a2dfec78fc149218daf95782 31972 libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 b8e48e63704c2e640748739373ed26365c5f727ffc23b82d5db3c9821bd9e93c 1060 opie_2.32.dfsg.1-0.2+squeeze1.dsc
 6472b5214a031330b933a2b2ffbdab08054093eb4ca283f97284b04319d1060b 158349 opie_2.32.dfsg.1.orig.tar.gz
 cd2816e294c666ea51f3b2a914916164c50cbaf4e4ec33c4c5aae1326f919e07 14774 opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
 07f2f03cde1c8fe10f9a567c4a540d5cf81205b47a1b2beb02745437dcc5f59e 43824 opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 acf66e0402b4fac480ead3fc02660881b548e392fde01c50d3f8703b2a576d53 46838 opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 5143e7ea7550d2931d4827f4b9bff4e0b67141856b717bba301362534c2f9c7a 31972 libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 654a8c11fecc0bacbf75305b51acf5c2 1060 admin optional opie_2.32.dfsg.1-0.2+squeeze1.dsc
 fc269281acbb567839589aa46bce3335 158349 admin optional opie_2.32.dfsg.1.orig.tar.gz
 fcb7224dc128e1e08073e19d12f878b2 14774 admin optional opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
 3378dd8a9ebfeedf5884bf0ecb337013 43824 admin optional opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 240843f4be99218e6b19c7061c60430c 46838 admin optional opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
 a970f8fa69eab2ea6501c82b7348d52f 31972 devel optional libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb

Version: GnuPG v1.4.11 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Sun, 06 Nov 2011 07:36:31 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Sun Apr 20 16:21:23 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.