2013-11-04 16:16:02 |
Dave Chiluk |
bug |
|
|
added bug |
2013-11-04 16:16:11 |
Dave Chiluk |
bip (Ubuntu): assignee |
|
Dave Chiluk (chiluk) |
|
2013-11-04 16:16:16 |
Dave Chiluk |
bip (Ubuntu): status |
New |
In Progress |
|
2013-11-04 16:36:22 |
Dave Chiluk |
attachment added |
|
lp1247888.precise.debdiff https://bugs.launchpad.net/ubuntu/+source/bip/+bug/1247888/+attachment/3899962/+files/lp1247888.precise.debdiff |
|
2013-11-04 17:11:51 |
Dave Chiluk |
description |
Last error before bip crashes in bip.log is
02-11-2013 02:42:18 FATAL: Failed assetion in src/irc.c(2447): n
This is the same bug as upstream bip bug
https://bugs.mageia.org/show_bug.cgi?id=4319
Which is resolved
https://projects.duckcorp.org/attachments/56?type=sbs
This was resolved in quantal and newer by
Fix CVE-2012-0806: buffer overflow.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/bip/quantal/view/head:/debian/patches/CVE-2012-0806.patch
This fix needs to be backported into precise.
I'm not exactly sure why bip is failing for me all of a sudden, but I did recently go through some major upgrades of both software and hardware on my bip server. I'll be posting debdiffs as soon as I have tested them.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bip 0.8.8-1build1
ProcVersionSignature: Ubuntu 3.8.0-32.47~precise1-generic 3.8.13.10
Uname: Linux 3.8.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Nov 4 10:08:02 2013
InstallationMedia: Mythbuntu 12.04.1 "Precise Pangolin" - Release amd64 (20120818.1)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: bip
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* Bip crashes with "FATAL: Failed assetion in src/irc.c(2447): n" in log
* Current version of bip in precise is vulnerable to the following CVE http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0806
[Test Case]
* I did not come up with a good test case.
[Regression Potential]
* Regression potential is minimal as this brings bip up to the same level of code as quantal
* I am currently running this patch on my bip server, and it currently has not had a recurrence of the crash
[Other Info]
* Patch is already included in quantal and newer as well as upstream.
___________________________________________________________________________________
Last error before bip crashes in bip.log is
02-11-2013 02:42:18 FATAL: Failed assetion in src/irc.c(2447): n
This is the same bug as upstream bip bug
https://bugs.mageia.org/show_bug.cgi?id=4319
Which is resolved
https://projects.duckcorp.org/attachments/56?type=sbs
This was resolved in quantal and newer by
Fix CVE-2012-0806: buffer overflow.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/bip/quantal/view/head:/debian/patches/CVE-2012-0806.patch
This fix needs to be backported into precise.
I'm not exactly sure why bip is failing for me all of a sudden, but I did recently go through some major upgrades of both software and hardware on my bip server. I'll be posting debdiffs as soon as I have tested them.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bip 0.8.8-1build1
ProcVersionSignature: Ubuntu 3.8.0-32.47~precise1-generic 3.8.13.10
Uname: Linux 3.8.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Nov 4 10:08:02 2013
InstallationMedia: Mythbuntu 12.04.1 "Precise Pangolin" - Release amd64 (20120818.1)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: bip
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2013-11-04 17:12:06 |
Dave Chiluk |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-11-04 17:14:12 |
Dave Chiluk |
bug |
|
|
added subscriber Ubuntu Security Team |
2013-11-04 17:14:32 |
Dave Chiluk |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2013-11-04 20:59:24 |
Chris J Arges |
nominated for series |
|
Ubuntu Precise |
|
2013-11-04 20:59:24 |
Chris J Arges |
bug task added |
|
bip (Ubuntu Precise) |
|
2013-11-04 20:59:36 |
Chris J Arges |
bip (Ubuntu Precise): assignee |
|
Dave Chiluk (chiluk) |
|
2013-11-04 20:59:40 |
Chris J Arges |
bip (Ubuntu Precise): status |
New |
In Progress |
|
2013-11-04 20:59:42 |
Chris J Arges |
bip (Ubuntu Precise): importance |
Undecided |
Medium |
|
2013-11-04 20:59:45 |
Chris J Arges |
bip (Ubuntu): assignee |
Dave Chiluk (chiluk) |
|
|
2013-11-04 20:59:47 |
Chris J Arges |
bip (Ubuntu): status |
In Progress |
Fix Released |
|
2013-11-04 21:02:31 |
Chris J Arges |
description |
[Impact]
* Bip crashes with "FATAL: Failed assetion in src/irc.c(2447): n" in log
* Current version of bip in precise is vulnerable to the following CVE http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0806
[Test Case]
* I did not come up with a good test case.
[Regression Potential]
* Regression potential is minimal as this brings bip up to the same level of code as quantal
* I am currently running this patch on my bip server, and it currently has not had a recurrence of the crash
[Other Info]
* Patch is already included in quantal and newer as well as upstream.
___________________________________________________________________________________
Last error before bip crashes in bip.log is
02-11-2013 02:42:18 FATAL: Failed assetion in src/irc.c(2447): n
This is the same bug as upstream bip bug
https://bugs.mageia.org/show_bug.cgi?id=4319
Which is resolved
https://projects.duckcorp.org/attachments/56?type=sbs
This was resolved in quantal and newer by
Fix CVE-2012-0806: buffer overflow.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/bip/quantal/view/head:/debian/patches/CVE-2012-0806.patch
This fix needs to be backported into precise.
I'm not exactly sure why bip is failing for me all of a sudden, but I did recently go through some major upgrades of both software and hardware on my bip server. I'll be posting debdiffs as soon as I have tested them.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bip 0.8.8-1build1
ProcVersionSignature: Ubuntu 3.8.0-32.47~precise1-generic 3.8.13.10
Uname: Linux 3.8.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Nov 4 10:08:02 2013
InstallationMedia: Mythbuntu 12.04.1 "Precise Pangolin" - Release amd64 (20120818.1)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: bip
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* Affects Precise versions and earlier.
* Bip crashes with "FATAL: Failed assetion in src/irc.c(2447): n" in log
* Current version of bip in precise is vulnerable to the following CVE http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0806
[Test Case]
* Run BIP server for an extended period of time.
[Regression Potential]
* Regression potential is minimal as this brings bip up to the same level of code as quantal
* I am currently running this patch on my bip server, and it currently has not had a recurrence of the crash
[Other Info]
* Patch is already included in quantal and newer as well as upstream.
___________________________________________________________________________________
Last error before bip crashes in bip.log is
02-11-2013 02:42:18 FATAL: Failed assetion in src/irc.c(2447): n
This is the same bug as upstream bip bug
https://bugs.mageia.org/show_bug.cgi?id=4319
Which is resolved
https://projects.duckcorp.org/attachments/56?type=sbs
This was resolved in quantal and newer by
Fix CVE-2012-0806: buffer overflow.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/bip/quantal/view/head:/debian/patches/CVE-2012-0806.patch
This fix needs to be backported into precise.
I'm not exactly sure why bip is failing for me all of a sudden, but I did recently go through some major upgrades of both software and hardware on my bip server. I'll be posting debdiffs as soon as I have tested them.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bip 0.8.8-1build1
ProcVersionSignature: Ubuntu 3.8.0-32.47~precise1-generic 3.8.13.10
Uname: Linux 3.8.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Nov 4 10:08:02 2013
InstallationMedia: Mythbuntu 12.04.1 "Precise Pangolin" - Release amd64 (20120818.1)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: bip
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2013-11-05 01:51:29 |
Chris J Arges |
attachment added |
|
lp1247888.precise.debdiff https://bugs.launchpad.net/ubuntu/+source/bip/+bug/1247888/+attachment/3900269/+files/lp1247888.precise.debdiff |
|
2013-11-05 14:53:38 |
Stéphane Graber |
bip (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2013-11-05 14:53:41 |
Stéphane Graber |
bug |
|
|
added subscriber SRU Verification |
2013-11-05 14:53:51 |
Stéphane Graber |
tags |
amd64 apport-bug precise |
amd64 apport-bug precise verification-needed |
|
2013-11-05 15:05:55 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/bip/precise-proposed |
|
2013-11-06 13:35:24 |
Marc Deslauriers |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2013-11-06 13:35:54 |
Marc Deslauriers |
cve linked |
|
2012-0806 |
|
2013-11-08 16:43:07 |
Dave Chiluk |
attachment added |
|
lp1247888.precise.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903366/+files/lp1247888.precise.debdiff |
|
2013-11-08 16:49:09 |
Dave Chiluk |
bip (Ubuntu): assignee |
|
Dave Chiluk (chiluk) |
|
2013-11-08 17:11:27 |
Dave Chiluk |
attachment added |
|
lp1247888.quantal.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903372/+files/lp1247888.quantal.debdiff |
|
2013-11-08 17:12:01 |
Dave Chiluk |
attachment added |
|
lp1247888.raring.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903373/+files/lp1247888.raring.debdiff |
|
2013-11-08 17:12:27 |
Dave Chiluk |
attachment added |
|
lp1247888.saucy.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903375/+files/lp1247888.saucy.debdiff |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Quantal |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
bug task added |
|
bip (Ubuntu Quantal) |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Raring |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
bug task added |
|
bip (Ubuntu Raring) |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Saucy |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
bug task added |
|
bip (Ubuntu Saucy) |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Trusty |
|
2013-11-08 18:23:50 |
Marc Deslauriers |
bug task added |
|
bip (Ubuntu Trusty) |
|
2013-11-08 18:24:17 |
Marc Deslauriers |
bip (Ubuntu Quantal): status |
New |
Confirmed |
|
2013-11-08 18:24:19 |
Marc Deslauriers |
bip (Ubuntu Raring): status |
New |
Confirmed |
|
2013-11-08 18:24:24 |
Marc Deslauriers |
bip (Ubuntu Saucy): status |
New |
Confirmed |
|
2013-11-08 18:24:26 |
Marc Deslauriers |
bip (Ubuntu Precise): status |
Fix Committed |
Confirmed |
|
2013-11-08 20:08:09 |
Jamie Strandboge |
cve linked |
|
2013-4550 |
|
2013-11-08 20:10:16 |
Launchpad Janitor |
bip (Ubuntu Precise): status |
Confirmed |
Fix Released |
|
2013-11-08 20:10:21 |
Launchpad Janitor |
bip (Ubuntu Raring): status |
Confirmed |
Fix Released |
|
2013-11-08 20:15:22 |
Launchpad Janitor |
bip (Ubuntu Saucy): status |
Confirmed |
Fix Released |
|
2013-11-08 20:15:26 |
Launchpad Janitor |
bip (Ubuntu Quantal): status |
Confirmed |
Fix Released |
|
2013-11-08 20:33:09 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/bip |
|
2013-11-08 20:33:19 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/bip/quantal-security |
|
2013-11-08 20:33:32 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/raring/bip/raring-security |
|
2013-11-08 20:33:46 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/saucy/bip/saucy-security |
|
2014-11-03 20:47:37 |
Mathew Hodson |
branch unlinked |
lp:ubuntu/precise-proposed/bip |
|
|
2014-11-03 20:48:02 |
Mathew Hodson |
tags |
amd64 apport-bug precise verification-needed |
amd64 apport-bug precise |
|
2015-10-27 20:35:38 |
Dave Chiluk |
tags |
amd64 apport-bug precise |
amd64 apport-bug precise verification-done |
|