Bug#439718: marked as done (CVE-2007-1047: DCC remote data manipulation vulnerability)

To: Marco Rodrigues <gothicx@sapo.pt>
Subject: Bug#439718: marked as done (CVE-2007-1047: DCC remote data manipulation vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 05 May 2008 14:30:21 +0000
Message-id: <[🔎] handler.439718.D439718.120999774220920.ackdone@bugs.debian.org>
References: <200805051428.m45ESxYl019085@kmos.homeip.net> <20070826195833.26402.11714.reportbug@k.lan>

Your message dated Mon, 5 May 2008 15:28:59 +0100
with message-id <200805051428.m45ESxYl019085@kmos.homeip.net>
and subject line dcc has been removed from Debian, closing #439718
has caused the Debian Bug report #439718,
regarding CVE-2007-1047: DCC remote data manipulation vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
439718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439718
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2007-1047: DCC remote data manipulation vulnerability

From: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 26 Aug 2007 21:58:33 +0200

Message-id: <20070826195833.26402.11714.reportbug@k.lan>
Package: dcc-common
Version: 1.3.42-4
Severity: grave
Tags: security
Justification: user security hole


A vulnerability has been reported in dcc. CVE-2007-1047:

"Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before
1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps."


I am not sure about the severity since no information is available about the
attack vector. Feel free to adjust if you have more info.

Please mention the CVE id in the changelog.
--- End Message ---

--- Begin Message ---

To: 439718-done@bugs.debian.org

Subject: dcc has been removed from Debian, closing #439718

From: Marco Rodrigues <gothicx@sapo.pt>

Date: Mon, 5 May 2008 15:28:59 +0100

Message-id: <200805051428.m45ESxYl019085@kmos.homeip.net>
Version: 1.3.42-5+rm

The dcc package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.

For more information about this package's removal, read
http://bugs.debian.org/464161 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues
http://Marco.Tondela.org
--- End Message ---

Reply to:

Prev by Date: Bug#379678: marked as done (sub-makes not passed -O2/etc flags)
Next by Date: Reward is negotiable
Previous by thread: Bug#379678: marked as done (sub-makes not passed -O2/etc flags)
Next by thread: Reward is negotiable
Index(es):
- Date
- Thread