Bug#523365: marked as done (linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 10 Jul 2009 05:13:53 +0100
with message-id <1247199233.21924.139.camel@deadeye>
and subject line Re: linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure
has caused the Debian Bug report #523365,
regarding linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
523365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523365
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure
• From: Tim <tim-debian@sentinelchicken.org>
• Date: Thu, 09 Apr 2009 09:11:50 -0700
• Message-id: <20090409161150.18617.44170.reportbug@pascal.sentinelchicken.org>

Package: linux-source-2.6.26
Version: 2.6.26-13
Severity: critical
Tags: security
Justification: root security hole


I don't know if this has already been reported or if you guys are already working 
on a fix, but I thought I should be extra sure you all heard about it:

  http://seclists.org/fulldisclosure/2009/Apr/0080.html

If this is as serious as it is advertised to be, it would be nice to see
a back patch ASAP.

thanks,
tim


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-source-2.6.26 depends on:
ii  binutils                      2.19.1-1   The GNU assembler, linker and bina
ii  bzip2                         1.0.5-1    high-quality block-sorting file co

Versions of packages linux-source-2.6.26 recommends:
pn  gcc                           <none>     (no description available)
ii  libc6-dev [libc-dev]          2.7-18     GNU C Library: Development Librari
ii  make                          3.81-5     The GNU version of the "make" util

Versions of packages linux-source-2.6.26 suggests:
ii  kernel-package                11.017     A utility for building Linux kerne
pn  libncurses-dev | ncurses-dev  <none>     (no description available)
pn  libqt3-mt-dev                 <none>     (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 523365-done@bugs.debian.org
• Subject: Re: linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure
• From: Ben Hutchings <ben@decadent.org.uk>
• Date: Fri, 10 Jul 2009 05:13:53 +0100
• Message-id: <1247199233.21924.139.camel@deadeye>

This appears to be fixed in etch, lenny, squeeze and sid.

Ben.

-- 
Ben Hutchings
No political challenge can be met by shopping. - George Monbiot

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---