Bug#610960: marked as done (CVE-2010-4267: Buffer overflow)
Your message dated Thu, 27 Jan 2011 05:47:20 +0000
with message-id <E1PiKhU-0005HB-L0@franck.debian.org>
and subject line Bug#610960: fixed in hplip 3.10.6-2
has caused the Debian Bug report #610960,
regarding CVE-2010-4267: Buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
610960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610960
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: hplip
Severity: grave
Tags: security
Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=662740 for
the description and a patch by Sebastian Krahmer.
A DSA is in preparation, for Squeeze please upload the isolated
security fix with urgency=high and ask for an unblock on
debian-release@lists.debian.org
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: hplip
Source-Version: 3.10.6-2
We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive:
hpijs-ppds_3.10.6-2_all.deb
to main/h/hplip/hpijs-ppds_3.10.6-2_all.deb
hpijs_3.10.6-2_amd64.deb
to main/h/hplip/hpijs_3.10.6-2_amd64.deb
hplip-cups_3.10.6-2_amd64.deb
to main/h/hplip/hplip-cups_3.10.6-2_amd64.deb
hplip-data_3.10.6-2_all.deb
to main/h/hplip/hplip-data_3.10.6-2_all.deb
hplip-dbg_3.10.6-2_amd64.deb
to main/h/hplip/hplip-dbg_3.10.6-2_amd64.deb
hplip-doc_3.10.6-2_all.deb
to main/h/hplip/hplip-doc_3.10.6-2_all.deb
hplip-gui_3.10.6-2_all.deb
to main/h/hplip/hplip-gui_3.10.6-2_all.deb
hplip_3.10.6-2.diff.gz
to main/h/hplip/hplip_3.10.6-2.diff.gz
hplip_3.10.6-2.dsc
to main/h/hplip/hplip_3.10.6-2.dsc
hplip_3.10.6-2_amd64.deb
to main/h/hplip/hplip_3.10.6-2_amd64.deb
libhpmud-dev_3.10.6-2_amd64.deb
to main/h/hplip/libhpmud-dev_3.10.6-2_amd64.deb
libhpmud0_3.10.6-2_amd64.deb
to main/h/hplip/libhpmud0_3.10.6-2_amd64.deb
libsane-hpaio_3.10.6-2_amd64.deb
to main/h/hplip/libsane-hpaio_3.10.6-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 610960@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated hplip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 27 Jan 2011 00:48:24 +1100
Source: hplip
Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups libhpmud0 libhpmud-dev libsane-hpaio
Architecture: source all amd64
Version: 3.10.6-2
Distribution: unstable
Urgency: high
Maintainer: Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description:
hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs)
hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
hplip - HP Linux Printing and Imaging System (HPLIP)
hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
hplip-data - HP Linux Printing and Imaging - data files
hplip-dbg - HP Linux Printing and Imaging - debugging information
hplip-doc - HP Linux Printing and Imaging - documentation
hplip-gui - HP Linux Printing and Imaging - GUI utilities
libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
libhpmud0 - HP Multi-Point Transport Driver (hpmud) run-time libraries
libsane-hpaio - HP SANE backend for multi-function peripherals
Closes: 610960
Changes:
hplip (3.10.6-2) unstable; urgency=high
.
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via long SNMP response - Thanks Till
- debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
- Fixes "CVE-2010-4267: Buffer overflow" (Closes: #610960)
* Ack NMU - Thanks Evgeni
Checksums-Sha1:
8452c7789b2701c67b45066043ce6026a59df005 1901 hplip_3.10.6-2.dsc
2ed536c2d2c2e6eb82a8bd446129c15b4ba612d7 92828 hplip_3.10.6-2.diff.gz
b235f4c26a0967397aa64b5d929d9cbc81d4b3b9 11794584 hplip-data_3.10.6-2_all.deb
17a0ce1954058e84227910e51e2e1243b1a6c1da 78886 hplip-gui_3.10.6-2_all.deb
3865d755827680bddf8999eaaf2e5540630b1c0d 665500 hplip-doc_3.10.6-2_all.deb
891fc2d9c570e7c9ba6cff5b97412113ee900a6a 611956 hpijs-ppds_3.10.6-2_all.deb
1a71433e494e3f2f604baf49a72221218f6eb8f2 146766 hplip_3.10.6-2_amd64.deb
1a297256da73416fa7d06132c847db8c6b428159 1028230 hplip-dbg_3.10.6-2_amd64.deb
7704bfa3b3c8f17defd7cb30e0abeba1b4c3e4bf 422178 hpijs_3.10.6-2_amd64.deb
8973318faf80d3d7907159e3283b0f88d6f7c682 350648 hplip-cups_3.10.6-2_amd64.deb
3ab5b7a0d7e89ab6b7038a0ec992026eb2f66714 170316 libhpmud0_3.10.6-2_amd64.deb
7018bfaf9353d19529eae03a5d6ed1ae8357d030 70396 libhpmud-dev_3.10.6-2_amd64.deb
35a59ef11059b8d01e7369ab898c86a57544aaec 171246 libsane-hpaio_3.10.6-2_amd64.deb
Checksums-Sha256:
81cbcfbb6521e1b19f3befe149df9bf84b7a008466a7ca4c72fd45a32155120d 1901 hplip_3.10.6-2.dsc
e3d75fdbd5756e5cdc82c515f11457a826aa87859abe1d4709c74acf1073f2ca 92828 hplip_3.10.6-2.diff.gz
ae62378e9c3ca4f3e2b006023a26f71220614f9cd179d635911e751864130c7c 11794584 hplip-data_3.10.6-2_all.deb
9eaceeeea67738c936b402fbf70010bc47e2087a583298b4adfee46c238978db 78886 hplip-gui_3.10.6-2_all.deb
b3c8c3e44969f671cc938b0f310311d5a075c6577a5b7757bf3e4ecc5105a6d9 665500 hplip-doc_3.10.6-2_all.deb
e0bfadd41ac2cf86d981353993c3b5263e1e491244f0eb64de9057d03188436b 611956 hpijs-ppds_3.10.6-2_all.deb
954ab802bf1058c580fed96669615d9195b2e05aad4fafe1871976555c206d04 146766 hplip_3.10.6-2_amd64.deb
202e584c3b6c683e143e4f6dcc44939f5b7dfd9ff9b086c537976a68557a6603 1028230 hplip-dbg_3.10.6-2_amd64.deb
40b6845b88677c73b95bc0ce943c5ab81ce7286b58914980b9f8f16a746e0acf 422178 hpijs_3.10.6-2_amd64.deb
f6404999acbcfa147903ed7430f1e667be6ac3a2cda0fa4640ba4da9b273153e 350648 hplip-cups_3.10.6-2_amd64.deb
3cc6a3a9ebf7d662878ad2d82e36cf23b0e9c7be60c0d3abcf837492fd0882ca 170316 libhpmud0_3.10.6-2_amd64.deb
32ef14f68d3328d58b7955f9a253a70b69ef1c65d7e4bb4d3ed4e52b371b2263 70396 libhpmud-dev_3.10.6-2_amd64.deb
86b270eb796a69fa1e3d22b4f2fe886eb21bec4b07c63ca583178de4e6e7d8b7 171246 libsane-hpaio_3.10.6-2_amd64.deb
Files:
e009e44f598387d75aeadbf1e843ebd8 1901 utils optional hplip_3.10.6-2.dsc
d213c6c22c498a50c349151c6a39de93 92828 utils optional hplip_3.10.6-2.diff.gz
12b64b4012db37f42dc5e9d4f59208ee 11794584 utils optional hplip-data_3.10.6-2_all.deb
73e10e3d7a3b4ca4f9a996d127009dc8 78886 utils optional hplip-gui_3.10.6-2_all.deb
3c6ff453b4965791097c120eedefc491 665500 doc optional hplip-doc_3.10.6-2_all.deb
a6c7cdb0b92ec3c8e8f65ca39464b0c5 611956 utils optional hpijs-ppds_3.10.6-2_all.deb
5fae94ef3ba726b0269a240221a91f8c 146766 utils optional hplip_3.10.6-2_amd64.deb
61f3bf6f8f2addf85a698c4fcac5d2c6 1028230 debug extra hplip-dbg_3.10.6-2_amd64.deb
2262583a5f6523fc3011a00ce0123ec0 422178 text optional hpijs_3.10.6-2_amd64.deb
c0d5beca586a136754595192a4907f73 350648 text optional hplip-cups_3.10.6-2_amd64.deb
413614b807dd9c277c6b443fc611efbe 170316 libs optional libhpmud0_3.10.6-2_amd64.deb
b7206875b492c454bb780f9c8572e754 70396 libdevel optional libhpmud-dev_3.10.6-2_amd64.deb
51482aa47b7229b151253cd14d2eba17 171246 libs optional libsane-hpaio_3.10.6-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1BAQIACgkQoCzanz0IthJUGwCeODk1xaYOl+conyvk1sjuKmEO
CggAn3LOmoBjQSGKGfRDS48zeKtnWpkj
=zBGf
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: