Bug#610960: marked as done (CVE-2010-4267: Buffer overflow)

To: Mark Purcell <msp@debian.org>
Subject: Bug#610960: marked as done (CVE-2010-4267: Buffer overflow)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 27 Jan 2011 00:21:15 +0000
Message-id: <[🔎] handler.610960.D610960.12960874428352.ackdone@bugs.debian.org>
References: <E1PiFY8-0007IW-CA@franck.debian.org> <[🔎] 20110124123219.8615.2818.reportbug@irma.knut.univention.de>

Your message dated Thu, 27 Jan 2011 00:17:20 +0000
with message-id <E1PiFY8-0007IW-CA@franck.debian.org>
and subject line Bug#610960: fixed in hplip 3.11.1-1
has caused the Debian Bug report #610960,
regarding CVE-2010-4267: Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
610960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610960
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2010-4267: Buffer overflow

From: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 24 Jan 2011 13:32:19 +0100

Message-id: <[🔎] 20110124123219.8615.2818.reportbug@irma.knut.univention.de>
Package: hplip
Severity: grave
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=662740 for
the description and a patch by Sebastian Krahmer.

A DSA is in preparation, for Squeeze please upload the isolated
security fix with urgency=high and ask for an unblock on
debian-release@lists.debian.org

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 610960-close@bugs.debian.org
Subject: Bug#610960: fixed in hplip 3.11.1-1
From: Mark Purcell <msp@debian.org>
Date: Thu, 27 Jan 2011 00:17:20 +0000
Message-id: <E1PiFY8-0007IW-CA@franck.debian.org>

Source: hplip
Source-Version: 3.11.1-1

We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive:

hpijs-ppds_3.11.1-1_all.deb
  to main/h/hplip/hpijs-ppds_3.11.1-1_all.deb
hpijs_3.11.1-1_amd64.deb
  to main/h/hplip/hpijs_3.11.1-1_amd64.deb
hplip-cups_3.11.1-1_amd64.deb
  to main/h/hplip/hplip-cups_3.11.1-1_amd64.deb
hplip-data_3.11.1-1_all.deb
  to main/h/hplip/hplip-data_3.11.1-1_all.deb
hplip-dbg_3.11.1-1_amd64.deb
  to main/h/hplip/hplip-dbg_3.11.1-1_amd64.deb
hplip-doc_3.11.1-1_all.deb
  to main/h/hplip/hplip-doc_3.11.1-1_all.deb
hplip-gui_3.11.1-1_all.deb
  to main/h/hplip/hplip-gui_3.11.1-1_all.deb
hplip_3.11.1-1.diff.gz
  to main/h/hplip/hplip_3.11.1-1.diff.gz
hplip_3.11.1-1.dsc
  to main/h/hplip/hplip_3.11.1-1.dsc
hplip_3.11.1-1_amd64.deb
  to main/h/hplip/hplip_3.11.1-1_amd64.deb
hplip_3.11.1.orig.tar.gz
  to main/h/hplip/hplip_3.11.1.orig.tar.gz
libhpmud-dev_3.11.1-1_amd64.deb
  to main/h/hplip/libhpmud-dev_3.11.1-1_amd64.deb
libhpmud0_3.11.1-1_amd64.deb
  to main/h/hplip/libhpmud0_3.11.1-1_amd64.deb
libsane-hpaio_3.11.1-1_amd64.deb
  to main/h/hplip/libsane-hpaio_3.11.1-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610960@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated hplip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Jan 2011 00:26:43 +1100
Source: hplip
Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups libhpmud0 libhpmud-dev libsane-hpaio
Architecture: source all amd64
Version: 3.11.1-1
Distribution: experimental
Urgency: low
Maintainer: Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 hpijs      - HP Linux Printing and Imaging - gs IJS driver (hpijs)
 hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
 hplip      - HP Linux Printing and Imaging System (HPLIP)
 hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
 hplip-data - HP Linux Printing and Imaging - data files
 hplip-dbg  - HP Linux Printing and Imaging - debugging information
 hplip-doc  - HP Linux Printing and Imaging - documentation
 hplip-gui  - HP Linux Printing and Imaging - GUI utilities (Qt-based)
 libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
 libhpmud0  - HP Multi-Point Transport Driver (hpmud) run-time libraries
 libsane-hpaio - HP SANE backend for multi-function peripherals
Closes: 610960
Changes: 
 hplip (3.11.1-1) experimental; urgency=low
 .
   * New Upstream Release
     - Fixes "CVE-2010-4267: Buffer overflow" (Closes: #610960)
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via long SNMP response
Checksums-Sha1: 
 cbdda3da6b0678510d75d8d717d08256fba8b0ce 1930 hplip_3.11.1-1.dsc
 6b06567373cadc7dff48134c6b58f90a4d72582a 22167916 hplip_3.11.1.orig.tar.gz
 5406cbb5ab6bc67ee4e72b998d2942eebe2c17c3 122397 hplip_3.11.1-1.diff.gz
 1290a9d8307c0f1ff9301633a384cc7e711bea1a 7580552 hplip-data_3.11.1-1_all.deb
 1416b3909777fc8bc4cc9da5114a4a2d77e0b665 81526 hplip-gui_3.11.1-1_all.deb
 c91ecb19b47562fb08b00d32312c92949c747cee 668030 hplip-doc_3.11.1-1_all.deb
 b1d8ee5da8dd4369626ddb6ec35d880d3cbb1a31 653790 hpijs-ppds_3.11.1-1_all.deb
 e82062bfe8c177670b753cde1cfd59d82c15c76b 148824 hplip_3.11.1-1_amd64.deb
 5dc2ed909c36d194237e2f423cf622aea4eb3aa6 1051468 hplip-dbg_3.11.1-1_amd64.deb
 c7013d95c73328de9e9fa92df9bc4ad6f18027c9 428948 hpijs_3.11.1-1_amd64.deb
 fc6d46f3ae23da67c5599c844b10ae7983ce3bac 360480 hplip-cups_3.11.1-1_amd64.deb
 fc2d07d5f6402f12ee24e7af909dc0feaebaa4c7 172934 libhpmud0_3.11.1-1_amd64.deb
 69fa12d9e2b58f5f45d87cab5a8ecfc8aa0cffba 72232 libhpmud-dev_3.11.1-1_amd64.deb
 f5e4be53562652cb70e688375b2ddb5530e90114 187804 libsane-hpaio_3.11.1-1_amd64.deb
Checksums-Sha256: 
 9d3e17fce00c3a3b89a9dc6e34727225d1476ccf05d9bf74ab079b8ee1f6bc22 1930 hplip_3.11.1-1.dsc
 2f5d988ce53c084556425ae6c5e56a9b5cfa3ac0381059eed913b4523bd1c878 22167916 hplip_3.11.1.orig.tar.gz
 af3724d0697e78f92263bd23a274b93826712fe5e66612c63f2792d9816d63db 122397 hplip_3.11.1-1.diff.gz
 1390a7d02323c34672167cc1760c49479f303fc31270061be41fddf9c408f74b 7580552 hplip-data_3.11.1-1_all.deb
 8ff74bb717104ddbb8b52f6ac5086f81fc630f97cd3af07409d6b8cf6bde39d1 81526 hplip-gui_3.11.1-1_all.deb
 0af3f91b6670b7c1a8c53d322ee71093cef4c6ecfd323ec091cfb65554ed588b 668030 hplip-doc_3.11.1-1_all.deb
 18c94563212a05c35fd2ec572db6240e804e882d4cb71f721d65c59ec7dd36f7 653790 hpijs-ppds_3.11.1-1_all.deb
 16e6adb3eba529c33c06667242c01142341a49e52f274eb542d1df09b80d53c6 148824 hplip_3.11.1-1_amd64.deb
 b858bc7fc353c0e3b90e3f050e985ee0a5cd098387f2793328789706bf1a00b9 1051468 hplip-dbg_3.11.1-1_amd64.deb
 6547ac00e39a17a8c27eb12903a66975e357d08635de4b4a73696762226e57d4 428948 hpijs_3.11.1-1_amd64.deb
 069b5274fd551099e5e1a9c815dd527634613db5302600ddb241b35802acd2f1 360480 hplip-cups_3.11.1-1_amd64.deb
 187b010896ca64c7f2ab31d5cb51f9f7cc3f5fd480474b71e1907b5d045896f9 172934 libhpmud0_3.11.1-1_amd64.deb
 2277ecb6bac859f51eac444bcfa618618d621222341f0b663f8d4ad584ce195c 72232 libhpmud-dev_3.11.1-1_amd64.deb
 0fd8d818d63d8a0f2a40421a28ddbc7ffbf000603bcbc2422681c7f4121bc899 187804 libsane-hpaio_3.11.1-1_amd64.deb
Files: 
 9258f780df036cbf0d1d1f5b031d140e 1930 utils optional hplip_3.11.1-1.dsc
 86f63a00c911313206fef6a147f7faad 22167916 utils optional hplip_3.11.1.orig.tar.gz
 d316b96d53ee0a1338ae4be82926ca32 122397 utils optional hplip_3.11.1-1.diff.gz
 085eee23bc76a0bab374a41e218fa2a9 7580552 utils optional hplip-data_3.11.1-1_all.deb
 1f940c33df7ffda470586906c89c25ae 81526 utils optional hplip-gui_3.11.1-1_all.deb
 e99b8419d872e474eee5b040231c24e7 668030 doc optional hplip-doc_3.11.1-1_all.deb
 bffe381b1f9360bfdedf05851cc1d450 653790 utils optional hpijs-ppds_3.11.1-1_all.deb
 6c579ff9ad024138baebccc0f13dc1e5 148824 utils optional hplip_3.11.1-1_amd64.deb
 d5c8d7a24809ef1dda2a59d000ea94d8 1051468 debug extra hplip-dbg_3.11.1-1_amd64.deb
 d12a58283e8c2b5cf9e5cd1b150a877b 428948 text optional hpijs_3.11.1-1_amd64.deb
 4cc188ad5540becd227705dbc0f95b69 360480 text optional hplip-cups_3.11.1-1_amd64.deb
 fa59a00fd627bf58e9f52ab9f810c299 172934 libs optional libhpmud0_3.11.1-1_amd64.deb
 598fe3db42ec4ae3e47d441fe795fe1b 72232 libdevel optional libhpmud-dev_3.11.1-1_amd64.deb
 7a4db5aba4f70061c9f9cd12ae4f42e4 187804 libs optional libsane-hpaio_3.11.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1AtqkACgkQoCzanz0IthJwkACfZ+J6IYCQM6ZX3nTwsoDPM+nT
w6MAoITJA5VxBzUfjJhCbpvwQYLUJhAA
=gn3j
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#610960: CVE-2010-4267: Buffer overflow
  - From: Moritz Muehlenhoff <muehlenhoff@univention.de>

Prev by Date: Processed: Re: gs-esp: hangs at ~98% CPU with DEVICE=bbox reading a .ps from tiff2ps
Next by Date: Accepted hplip 3.11.1-1 (source all amd64)
Previous by thread: Processed: Re: Bug#610960: CVE-2010-4267: Buffer overflow
Next by thread: Bug#610960: marked as done (CVE-2010-4267: Buffer overflow)
Index(es):
- Date
- Thread