Your message dated Fri, 24 Jan 2020 20:43:07 +0000
with message-id <e1iv5nh-000dxc...@fasolo.debian.org>
and subject line Bug#949085: fixed in slirp 1:1.0.17-10
has caused the Debian Bug report #949085,
regarding slirp: CVE-2020-7039
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libslirp
Version: 4.1.0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for libslirp.

CVE-2020-7039[0]:
| OOB buffer access while emulating tcp protocols in tcp_emu()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-7039
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7039
[1] https://www.openwall.com/lists/oss-security/2020/01/16/2
[2] https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
    https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
    https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: slirp
Source-Version: 1:1.0.17-10

We believe that the bug you reported is fixed in the latest version of
slirp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto Lumbreras <ro...@debian.org> (supplier of updated slirp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Jan 2020 20:12:54 +0100
Source: slirp
Architecture: source
Version: 1:1.0.17-10
Distribution: unstable
Urgency: high
Maintainer: Roberto Lumbreras <ro...@debian.org>
Changed-By: Roberto Lumbreras <ro...@debian.org>
Closes: 949085
Changes:
 slirp (1:1.0.17-10) unstable; urgency=high
 .
   * Fix for CVE-2020-7039 (Closes: #949085)
   * Make it compile on GNU Hurd, really.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
