[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#439718: marked as done (CVE-2007-1047: DCC remote data manipulation vulnerability)

Your message dated Mon, 5 May 2008 15:28:59 +0100
with message-id <200805051428.m45ESxYl019085@kmos.homeip.net>
and subject line dcc has been removed from Debian, closing #439718
has caused the Debian Bug report #439718,
regarding CVE-2007-1047: DCC remote data manipulation vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

439718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439718
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: dcc-common
Version: 1.3.42-4
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been reported in dcc. CVE-2007-1047:

"Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before
1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps."

I am not sure about the severity since no information is available about the
attack vector. Feel free to adjust if you have more info.

Please mention the CVE id in the changelog.

--- End Message ---
--- Begin Message ---
Version: 1.3.42-5+rm

The dcc package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.

For more information about this package's removal, read
http://bugs.debian.org/464161 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

Marco Rodrigues

--- End Message ---

Reply to: