[Sync request] Sync nas (1.8-4) from Debian unstable (main)

Bug #96723 reported by Michael Bienia on 2007-03-26
256
Affects Status Importance Assigned to Milestone
nas (Ubuntu)
Low
Unassigned
Breezy
Low
Kees Cook
Dapper
Low
Kees Cook
Edgy
Low
Kees Cook
Feisty
Low
Unassigned

Bug Description

Binary package hint: nas

Please sync nas (1.8-4) from Debian unstable (main).

The Ubuntu package has no changes.

The package builds cleanly in a feisty pbuilder.

Thanks.

Changelog:

nas (1.8-4) unstable; urgency=high

   * High-urgency upload to fix multiple security holes (CVE-2007-1543,
     CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
    + accept_att_local buffer overflow through USL connection
    + server termination through unexistent ID in AddResource
    + bcopy crash caused by integer overflow in ProcAuWriteElement
    + invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + another invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + invalid memory pointer in compileInputs
    + exploits bug 3 in read mode (requires something playing on
      the server)
    + NULL pointer caused by too much connections
    + Closes: #416038

 -- Steve McIntyre <email address hidden> Mon, 26 Mar 2007 00:29:10 +0100

nas (1.8-3) unstable; urgency=medium

  * Added Portuguese debconf translation, thanks to Miguel Figueiredo.
    Closes: #408181.
  * Added Spanish debconf translation, thanks to Steve Lord Flaubert.
    Closes: #409805.

 -- Steve McIntyre <email address hidden> Thu, 8 Feb 2007 00:23:46 +0000

Kees Cook (kees) wrote :

I'm going to be doing a full security update for nas on breezy through edgy, and feisty will need it too. Debian's changes are entirely the security fix AFAICT.

Changed in nas:
status: Unconfirmed → Confirmed
assignee: nobody → keescook
importance: Undecided → Medium
status: Unconfirmed → In Progress
assignee: nobody → keescook
status: Unconfirmed → In Progress
assignee: nobody → keescook
status: Unconfirmed → In Progress
Kees Cook (kees) on 2007-03-27
Changed in nas:
importance: Undecided → Medium
importance: Undecided → Medium
importance: Medium → Low
importance: Medium → Low
importance: Medium → Low
Kees Cook (kees) wrote :

Published in USN-446-1.

Changed in nas:
status: In Progress → Fix Released
status: In Progress → Fix Released
status: In Progress → Fix Released
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :

[Updating] nas (1.8-2 [Ubuntu] < 1.8-4 [Debian])
 * Trying to add nas...
  - <nas_1.8.orig.tar.gz: already in distro - downloading from librarian>
  - <nas_1.8-4.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <nas_1.8-4.dsc: downloading from http://ftp.debian.org/debian/>
I: nas [main] -> libaudio2_1.8-2 [main].
I: nas [main] -> nas-bin_1.8-2 [universe].
I: nas [main] -> nas_1.8-2 [universe].
I: nas [main] -> nas-doc_1.8-2 [main].
I: nas [main] -> libaudio-dev_1.8-2 [main].

Changed in nas:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers