Debian Bug report logs - #654785
CVE-2011-4620: Buffer overflow

version graph

Package: src:plib; Maintainer for src:plib is Debian QA Group <packages@qa.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 5 Jan 2012 18:51:24 UTC

Severity: grave

Tags: security

Found in version 1.8.5-5

Fixed in versions plib/1.8.5-5.1, plib/1.8.5-5+squeeze1

Done: Aron Xu <aron@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#654785; Package src:plib. (Thu, 05 Jan 2012 18:51:26 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bradley Smith <bradsmith@debian.org>. (Thu, 05 Jan 2012 18:51:26 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-4620: Buffer overflow
Date: Thu, 05 Jan 2012 19:52:31 +0100
Source: plib
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4620 
for references.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Bradley Smith <bradsmith@debian.org>:
Bug#654785; Package src:plib. (Sun, 15 Jan 2012 19:27:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Bradley Smith <bradsmith@debian.org>. (Sun, 15 Jan 2012 19:27:09 GMT) Full text and rfc822 format available.

Message #10 received at 654785@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 654785@bugs.debian.org
Subject: plib: diff for NMU version 1.8.5-5.1
Date: Sun, 15 Jan 2012 20:24:06 +0100
[Message part 1 (text/plain, inline)]
Package: plib
Version: 1.8.5-5
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for plib (versioned as 1.8.5-5.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[plib-1.8.5-5.1-nmu.diff (text/x-diff, attachment)]

Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Tue, 17 Jan 2012 19:51:13 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 17 Jan 2012 19:51:14 GMT) Full text and rfc822 format available.

Message #15 received at 654785-close@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 654785-close@bugs.debian.org
Subject: Bug#654785: fixed in plib 1.8.5-5.1
Date: Tue, 17 Jan 2012 19:49:16 +0000
Source: plib
Source-Version: 1.8.5-5.1

We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive:

libplib-dev_1.8.5-5.1_i386.deb
  to main/p/plib/libplib-dev_1.8.5-5.1_i386.deb
libplib1_1.8.5-5.1_i386.deb
  to main/p/plib/libplib1_1.8.5-5.1_i386.deb
plib_1.8.5-5.1.diff.gz
  to main/p/plib/plib_1.8.5-5.1.diff.gz
plib_1.8.5-5.1.dsc
  to main/p/plib/plib_1.8.5-5.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654785@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated plib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 15 Jan 2012 20:13:07 +0100
Source: plib
Binary: libplib1 libplib-dev
Architecture: source i386
Version: 1.8.5-5.1
Distribution: unstable
Urgency: high
Maintainer: Bradley Smith <bradsmith@debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 libplib-dev - Portability Libraries: Development package
 libplib1   - Portability Libraries: Run-time package
Closes: 633178 654785
Changes: 
 plib (1.8.5-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).
   * Don't install .la file anymore (Closes: #633178).
Checksums-Sha1: 
 9ea096a2000ad951a9791c1025d3f802d81ba645 1297 plib_1.8.5-5.1.dsc
 952a3ecd049ec7e1aa021f5d726ea61281eb9b94 9855 plib_1.8.5-5.1.diff.gz
 dc3fc234ee21a29f683eb24b402d530713bd8ae5 645804 libplib1_1.8.5-5.1_i386.deb
 63bc5eca85da452934896a25055fc43828c350d2 857360 libplib-dev_1.8.5-5.1_i386.deb
Checksums-Sha256: 
 c8b8199d4dedb03326f2c7c0ab8c659bf9f475aaea0f6c4c447e93edef43ead3 1297 plib_1.8.5-5.1.dsc
 ad93f34e86b8dd02be59a7105b77d7262a970b766e65b83b808c5f559189f0a0 9855 plib_1.8.5-5.1.diff.gz
 7d2ff84baf78518720040c7ca8a2818775bbe6cd92cfc8bdee5db1dbad99859b 645804 libplib1_1.8.5-5.1_i386.deb
 4b764bc560cf82ae6d3df7d1e897730ce9a32f62cc2b5c8b62de10471d67af6d 857360 libplib-dev_1.8.5-5.1_i386.deb
Files: 
 bcf9575cc57083216f698469bc750169 1297 devel extra plib_1.8.5-5.1.dsc
 348d9d4163b23efb1ef0e229bfb6b12d 9855 devel extra plib_1.8.5-5.1.diff.gz
 90fd46c7b0a0340f0aae6fca07aff64c 645804 libs extra libplib1_1.8.5-5.1_i386.deb
 03b08ecef3e41e29454ced24a967af3b 857360 libdevel extra libplib-dev_1.8.5-5.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8TJ+IACgkQ5UTeB5t8Mo1B6gCeLGC89+yca1WpudNs8+W/0OL1
H6oAn2ngBp7UaODPDc9KNyZuLBWh+TDF
=xkrE
-----END PGP SIGNATURE-----





Reply sent to Aron Xu <aron@debian.org>:
You have taken responsibility. (Sun, 04 Mar 2012 22:51:07 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 04 Mar 2012 22:51:07 GMT) Full text and rfc822 format available.

Message #20 received at 654785-close@bugs.debian.org (full text, mbox):

From: Aron Xu <aron@debian.org>
To: 654785-close@bugs.debian.org
Subject: Bug#654785: fixed in plib 1.8.5-5+squeeze1
Date: Sun, 04 Mar 2012 22:47:09 +0000
Source: plib
Source-Version: 1.8.5-5+squeeze1

We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive:

libplib-dev_1.8.5-5+squeeze1_amd64.deb
  to main/p/plib/libplib-dev_1.8.5-5+squeeze1_amd64.deb
libplib1_1.8.5-5+squeeze1_amd64.deb
  to main/p/plib/libplib1_1.8.5-5+squeeze1_amd64.deb
plib_1.8.5-5+squeeze1.diff.gz
  to main/p/plib/plib_1.8.5-5+squeeze1.diff.gz
plib_1.8.5-5+squeeze1.dsc
  to main/p/plib/plib_1.8.5-5+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654785@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated plib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Mar 2012 20:39:21 +0800
Source: plib
Binary: libplib1 libplib-dev
Architecture: source amd64
Version: 1.8.5-5+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Bradley Smith <bradsmith@debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description: 
 libplib-dev - Portability Libraries: Development package
 libplib1   - Portability Libraries: Run-time package
Closes: 654785
Changes: 
 plib (1.8.5-5+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).
Checksums-Sha1: 
 f973bdd0d171298153245dd2e6a6abd62b81f827 1550 plib_1.8.5-5+squeeze1.dsc
 c2cf7e3e1e58f7b63dae4bb21e4fa82c3e4d4cfc 779133 plib_1.8.5.orig.tar.gz
 5fce9466c9208783c91c83017a478fc65526ca65 10028 plib_1.8.5-5+squeeze1.diff.gz
 74351f525659e9f5cc582907c04bcb7bcd6850ba 643686 libplib1_1.8.5-5+squeeze1_amd64.deb
 abf94656310d647b739d8c3a9a9ee56c3e640eee 933860 libplib-dev_1.8.5-5+squeeze1_amd64.deb
Checksums-Sha256: 
 2d42d73c94dbef8ef49fef597ef3971d265741b1d04b4c7bdac3925c6f31a307 1550 plib_1.8.5-5+squeeze1.dsc
 485b22bf6fdc0da067e34ead5e26f002b76326f6371e2ae006415dea6a380a32 779133 plib_1.8.5.orig.tar.gz
 88d5d67f9bb5f1628536dd1264614b1ab737db7af7c711746565ac6ff1e3377b 10028 plib_1.8.5-5+squeeze1.diff.gz
 cf7a5dc153d65edf02b2db6460a0a940951bb49e95c553055135d59b74ea58d4 643686 libplib1_1.8.5-5+squeeze1_amd64.deb
 6a3f5bda4a35d788415f18807ceab8486697c3430b3d676e01d74b219306c67c 933860 libplib-dev_1.8.5-5+squeeze1_amd64.deb
Files: 
 ae02ad1184ace2a0fd417df32d586556 1550 devel extra plib_1.8.5-5+squeeze1.dsc
 47a6fbf63668c1eed631024038b2ea90 779133 devel extra plib_1.8.5.orig.tar.gz
 30d96b19bc1fe7f5d790c30778d9a5af 10028 devel extra plib_1.8.5-5+squeeze1.diff.gz
 37c392a09e57d454a86780fe3241d662 643686 libs extra libplib1_1.8.5-5+squeeze1_amd64.deb
 cdcf7d0fccc79cc44b2b386c7a53431e 933860 libdevel extra libplib-dev_1.8.5-5+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCgAGBQJPU6Z8AAoJEIAhAkTu07wNdQwIANQFZFO79oXqwtQcLtF0EEb8
XqZLG3lbVDX2pBaVhRm2o350gm40Qd5gT6L0xLu7r2n9kt5h0hEEIqETyyW7wnV2
DE7dSWVZHDo+vXFghBH+5pV3PQiYagF/g4+5Oii46tHyWO3N94Sw1XQ1vjLoHj1H
aEl/dkzReYq6g6sBKwjwacQoNCsLDuOKvHTRpqJfAtR5+DpbDwk4wptw7rtrYgO3
NoOKZ1yb4M+lMz5ScIiGHja8PEdzzZdNeiy4vDI3T5ZDLo7lmSXxN72RUoV+xG0t
f1Hd1kqGS4V96Jg1+iZBhbOn6Xcp/R/W69aeNBpdBMHg/jiI25h7e9QjKaKfHQE=
=ojp/
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 May 2012 07:49:48 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 13:58:55 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.