Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 15 Oct 2011 13:26:56 +0200
with message-id <CAOfDtXP+OEZWtZREug5ZeDHPHim4GTJ+LMaDm8hgPSS9bPKCbQ@mail.gmail.com>
and subject line Re: Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
has caused the Debian Bug report #645377,
regarding kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
645377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645377
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
• From: Michael Gilbert <michael.s.gilbert@gmail.com>
• Date: Sat, 15 Oct 2011 00:10:32 -0400
• Message-id: <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>

package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
poc [1]. patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch

--- End Message ---

--- Begin Message ---

• To: Michael Gilbert <michael.s.gilbert@gmail.com>, 645377-done@bugs.debian.org
• Subject: Re: Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
• From: Robert Millan <rmh@debian.org>
• Date: Sat, 15 Oct 2011 13:26:56 +0200
• Message-id: <CAOfDtXP+OEZWtZREug5ZeDHPHim4GTJ+LMaDm8hgPSS9bPKCbQ@mail.gmail.com>
• In-reply-to: <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>
• References: <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>

Version: 9.0~svn225873-1

Fixed in kfreebsd-9.

2011/10/15 Michael Gilbert <michael.s.gilbert@gmail.com>:
> package: kfreebsd-8
> version: 8.1
> severity: serious
> tag: security , patch
>
> A buffer overflow issue in kfreebsd has been disclosed [0] along with a
> poc [1]. patch is available [2].
>
> I've only checked the kfreebsd-8 source, but the description says -7 is
> affected, and 9- and higher may be as well; I haven't checked those.
>
> Best wishes,
> Mike
>
> [0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
> [1] http://www.exploit-db.com/exploits/17908/
> [2] http://security.freebsd.org/patches/SA-11:05/unix.patch
>
>
>
> --
> To UNSUBSCRIBE, email to debian-bsd-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com">http://lists.debian.org/[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com
>
>



-- 
Robert Millan

--- End Message ---