Bug#694716: marked as done (firmware-nonfree: CVE-2012-2619)

To: Ben Hutchings <ben@decadent.org.uk>
Subject: Bug#694716: marked as done (firmware-nonfree: CVE-2012-2619)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 29 Nov 2012 14:54:03 +0000
Message-id: <[🔎] handler.694716.D694716.135420071124816.ackdone@bugs.debian.org>
References: <1354200703.7995.18.camel@deadeye.wl.decadent.org.uk> <[🔎] 20121129112927.20976.64697.reportbug@m25s06.vlinux.de>

Your message dated Thu, 29 Nov 2012 14:51:43 +0000
with message-id <1354200703.7995.18.camel@deadeye.wl.decadent.org.uk>
and subject line Re: Bug#694716: firmware-nonfree: CVE-2012-2619
has caused the Debian Bug report #694716,
regarding firmware-nonfree: CVE-2012-2619
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
694716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694716
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: firmware-nonfree: CVE-2012-2619

From: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 29 Nov 2012 12:29:27 +0100

Message-id: <[🔎] 20121129112927.20976.64697.reportbug@m25s06.vlinux.de>
Package: firmware-nonfree
Severity: important
Tags: security

This seems to affect the firmware-brcm80211 package AFAICS:
http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 694716-done@bugs.debian.org

Subject: Re: Bug#694716: firmware-nonfree: CVE-2012-2619

From: Ben Hutchings <ben@decadent.org.uk>

Date: Thu, 29 Nov 2012 14:51:43 +0000

Message-id: <1354200703.7995.18.camel@deadeye.wl.decadent.org.uk>

In-reply-to: <[🔎] 20121129112927.20976.64697.reportbug@m25s06.vlinux.de>

References: <[🔎] 20121129112927.20976.64697.reportbug@m25s06.vlinux.de>
On Thu, 2012-11-29 at 12:29 +0100, Moritz Muehlenhoff wrote:
> Package: firmware-nonfree
> Severity: important
> Tags: security
> 
> This seems to affect the firmware-brcm80211 package AFAICS:
> http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329

The vulnerable firmware is for combo wifi+bluetooth devices.

The brcm80211 driver and firmware are for wifi-only devices: BCM4313,
BCM43224 and BCM43225 (*not* BCM4325).  The first two of these are
explicitly listed as not vulnerable and since there's only a single
firmware image I doubt that it is vulnerable on only a single chip.  The
quoted code bytes are also not present.

Ben.

-- 
Ben Hutchings
Never attribute to conspiracy what can adequately be explained by stupidity.
Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---

Reply to:

References:
- Bug#694716: firmware-nonfree: CVE-2012-2619
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Bug#684666: R: Re: Bug#684666: R: Bug#684666: R: Bug#684666: AMI BIOS detected: BIOS may corrupt low RAM, working around it.
Next by Date: Bug#539201: (no subject)
Previous by thread: Bug#694716: firmware-nonfree: CVE-2012-2619
Next by thread: Bug#694720: linux-image-3.2.0-4-686-pae: tty buffer flush NULL pointer dereference
Index(es):
- Date
- Thread