Bug#396256: marked as done (CVE-2006-4513: wvWare Multiple Integer Overflow Vulnerabilities)

To: Matej Vela <vela@debian.org>
Subject: Bug#396256: marked as done (CVE-2006-4513: wvWare Multiple Integer Overflow Vulnerabilities)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 05 Nov 2006 04:03:47 -0800
Message-id: <[🔎] handler.396256.D396256.116272751020376.ackdone@bugs.debian.org>
References: <E1GggN6-0002jF-Ki@spohr.debian.org> <200610302129.31995.sf@sfritsch.de>

Your message dated Sun, 05 Nov 2006 03:41:04 -0800
with message-id <E1GggN6-0002jF-Ki@spohr.debian.org>
and subject line Bug#396256: fixed in wv 1.2.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: submit@bugs.debian.org

Subject: CVE-2006-4513: wvWare Multiple Integer Overflow Vulnerabilities

From: Stefan Fritsch <sf@sfritsch.de>

Date: Mon, 30 Oct 2006 21:29:31 +0100

Message-id: <200610302129.31995.sf@sfritsch.de>
package: wv
severity: grave
tags: security

Some vulnerabilities have been found in wvware and are fixed in 1.2.3

See

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433

for details.

Please mention the CVE id in the changelog.
--- End Message ---

--- Begin Message ---

To: 396256-close@bugs.debian.org
Subject: Bug#396256: fixed in wv 1.2.4-1
From: Matej Vela <vela@debian.org>
Date: Sun, 05 Nov 2006 03:41:04 -0800
Message-id: <E1GggN6-0002jF-Ki@spohr.debian.org>

Source: wv
Source-Version: 1.2.4-1

We believe that the bug you reported is fixed in the latest version of
wv, which is due to be installed in the Debian FTP archive:

libwv-1.2-3_1.2.4-1_i386.deb
  to pool/main/w/wv/libwv-1.2-3_1.2.4-1_i386.deb
libwv-dev_1.2.4-1_i386.deb
  to pool/main/w/wv/libwv-dev_1.2.4-1_i386.deb
wv_1.2.4-1.diff.gz
  to pool/main/w/wv/wv_1.2.4-1.diff.gz
wv_1.2.4-1.dsc
  to pool/main/w/wv/wv_1.2.4-1.dsc
wv_1.2.4-1_i386.deb
  to pool/main/w/wv/wv_1.2.4-1_i386.deb
wv_1.2.4.orig.tar.gz
  to pool/main/w/wv/wv_1.2.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 396256@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matej Vela <vela@debian.org> (supplier of updated wv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 31 Oct 2006 08:00:15 +0100
Source: wv
Binary: libwv-dev wv libwv-1.2-3
Architecture: source i386
Version: 1.2.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matej Vela <vela@debian.org>
Description: 
 libwv-1.2-3 - Library for accessing Microsoft Word documents
 libwv-dev  - Development files for the wvWare library
 wv         - Programs for accessing Microsoft Word documents
Closes: 396256
Changes: 
 wv (1.2.4-1) unstable; urgency=high
 .
   * QA upload.
   * New upstream release.
     - Version 1.2.3 fixes multiple integer overflows.  [CVE-2006-4513]
       Closes: #396256.
     - Version 1.2.4 fixes unfiltered input in wvHandleCommandField(), and
       potential segfaults in wvBeginDocument() and wvEndDocument().
       There's no CVE, and no mention of security implications, but this
       still might be worth backporting to stable.
     - SONAME changed to libwv-1.2-3, though there have been no changes to
       the ABI.  Dumbass upstream.
Files: 
 6627be7ec32a3e9111317997bdf88427 698 text optional wv_1.2.4-1.dsc
 c1861c560491f121e12917fa76970ac5 629554 text optional wv_1.2.4.orig.tar.gz
 b961cbf57db4f9fa73769529d1b1813f 10930 text optional wv_1.2.4-1.diff.gz
 c9c7dadce2a42f718694336f6392458f 88136 text optional wv_1.2.4-1_i386.deb
 ec557afe69e96f854a9a38297482f7c8 138874 libs optional libwv-1.2-3_1.2.4-1_i386.deb
 067e609d22da24d57158369a5dc07e1b 181498 libdevel optional libwv-dev_1.2.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFRvTwxBYivKllgY8RAioPAJ4/E8uEdYM0t1jG5epx3oiITZTpMgCgk69h
3PbObRUApy1NvIziPB0p+aA=
=iecF
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: wv_1.2.4-1_i386.changes ACCEPTED
Next by Date: Bug#373106: marked as done (sctplib: FTBFS: bashisms in debian/rules)
Previous by thread: wv_1.2.4-1_i386.changes ACCEPTED
Next by thread: Bug#373106: marked as done (sctplib: FTBFS: bashisms in debian/rules)
Index(es):
- Date
- Thread