
Bug#572811: marked as done (kfreebsd: CVE-2009-2649 denial-of-service)



Your message dated Mon, 8 Mar 2010 04:49:15 +0100 (CET)
with message-id <Pine.LNX.4.62.1003080444340.4944@sci.felk.cvut.cz>
and subject line kfreebsd: CVE-2009-2649 denial-of-service
has caused the Debian Bug report #572811,
regarding kfreebsd: CVE-2009-2649 denial-of-service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
572811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572811
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kfreebsd-8
Version: 8.0-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-8.

CVE-2009-2650[0]:
| Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0
| Build 020124 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| (1) .m3u or possibly (2) .pst file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2650
    http://security-tracker.debian.org/tracker/CVE-2009-2650



--- End Message ---
--- Begin Message ---
Version: 8.0-1

CVE-2009-2649[0]:
| The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev
| is available, allows local users to cause a denial of service (kernel
| panic) via a certain IOCTL request with a large count, which triggers
| a malloc call with a large value.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2649
   http://security-tracker.debian.org/tracker/CVE-2009-2649


It has been fixed in

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/ata/ata-all.c#rev1.306

8.0 has been released with rev 1.308.2.2.2.1

Petr


--- End Message ---
