Debian Bug report logs - #657217
bip: buffer overflow (CVE-2012-0806)


Package: bip; Maintainer for bip is Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>; Source for bip is src:bip.

Reported by: Luciano Bello <luciano@debian.org>

Date: Tue, 24 Jan 2012 21:54:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions 0.8.8-2, 0.8.2-1squeeze4

Done: Simon McVittie <smcv@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>:
Bug#657217; Package bip. (Tue, 24 Jan 2012 21:54:05 GMT)

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>. (Tue, 24 Jan 2012 21:54:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: bip: buffer overflow (CVE-2012-0806)
Date: Tue, 24 Jan 2012 22:45:42 +0100
Package: bip
Severity: grave
Tags: security patch

The following vulnerability had been reported against bip: 
https://projects.duckcorp.org/issues/269

The patch can be found here: 
https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c

This bug is present in 0.8.8 and previous versions and, according to the reporter,
remote execution of code should be possible.

Please use CVE-2012-0806 for this issue.

/luciano




Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Sat, 03 Mar 2012 13:45:09 GMT)

Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 03 Mar 2012 13:45:09 GMT)

Message #10 received at 657217-done@bugs.debian.org:

From: Simon McVittie <smcv@debian.org>
To: Luciano Bello <luciano@debian.org>, 657217-done@bugs.debian.org
Subject: Re: Bug#657217: bip: buffer overflow (CVE-2012-0806)
Date: Sat, 3 Mar 2012 13:42:59 +0000
Version: 0.8.8-2

On Tue, 24 Jan 2012 at 22:45:42 +0100, Luciano Bello wrote:
> Please use CVE-2012-0806 for this issue.

The maintainer appears to have fixed this in 0.8.8-2 before this bug
was opened, so I'm closing the bug with version-tracking.

Thanks,
    S




Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Sat, 03 Mar 2012 13:45:13 GMT)

Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 03 Mar 2012 13:45:13 GMT)

Message #15 received at 657217-done@bugs.debian.org:

From: Simon McVittie <smcv@debian.org>
To: Luciano Bello <luciano@debian.org>, 657217-done@bugs.debian.org
Subject: Re: Bug#657217: bip: buffer overflow (CVE-2012-0806)
Date: Sat, 3 Mar 2012 13:44:15 +0000
Version: 0.8.2-1squeeze4

I wrote:
> On Tue, 24 Jan 2012 at 22:45:42 +0100, Luciano Bello wrote:
> > Please use CVE-2012-0806 for this issue.
>
> The maintainer appears to have fixed this in 0.8.8-2 before this bug
> was opened, so I'm closing the bug with version-tracking.

Likewise, but for stable-security.

Thanks,
    S




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 01 Apr 2012 07:37:03 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 14:56:04 2014; Machine Name: beach.debian.org
