Your message dated Sun, 13 Aug 2017 17:50:11 +0000
with message-id <[email protected]>
and subject line Bug#589415: fixed in libnids 1.24-1
has caused the Debian Bug report #589415,
regarding libnids: New version 1.24 released (security & enhancements)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
589415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589415
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libnids
Version: 1.23
Severity: important
Tags: patch
A new version of libnids has been released, v1.24. This fixes a security
issue, reported in bug 576281. This was fixed but only in unstable.
A patch against the current libnids is available at
http://edeca.net/temp/libnids_1.24-1.diff.gz - this applies cleanly to the
current source which
is available from
http://sourceforge.net/projects/libnids/files/libnids/1.24/libnids-1.24.tar.gz/download
I have signed the changelog as "A. N. Other" as I am not a Debian maintainer.
All previous Debian changes that are not obsoleted by v1.24 are
included.
I have reduced optimization from -O2 to -O1 as testing using Debian lenny in a
VM shows that -O2 breaks tests on AMD64 (fine on 32-bit). Tests
included dsniff, programs from the samples/ directory in the original build and
the Perl module Net::LibNIDS (which I maintain). Apart from this,
the package works fine on AMD64 and x86.
I feel it is important that the security issue is fixed in lenny also. The
newer version also incorporates a number of fixes for bugs which cause
the package to segfault in normal use. My testing with the packages I have
created seem to suggest they are all fixed by v1.24.
You will see from bug 574042 that I have tried to contact the maintainer and
been unsuccessful.
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (700, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32.15-kvm-i386-20100622 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: libnids
Source-Version: 1.24-1
We believe that the bug you reported is fixed in the latest version of
libnids, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marcos Fouces <[email protected]> (supplier of updated libnids package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 27 Mar 2017 23:15:13 +0200
Source: libnids
Binary: libnids-dev libnids1.21
Architecture: source
Version: 1.24-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools Packaging Team
<[email protected]>
Changed-By: Marcos Fouces <[email protected]>
Description:
libnids-dev - IP defragmentation TCP segment reassembly library (development)
libnids1.21 - IP defragmentation TCP segment reassembly library
Closes: 589415
Changes:
libnids (1.24-1) unstable; urgency=medium
.
* New upstream version 1.24 (Closes: #589415)
* d/copyright:
+ Make dep5 compliant
+ Update copyright holders
* d/rules
+ Revamp using dh sintax.
+ Add hardening flags.
* d/control
+ Delete duplicate field.
+ Bump to dh 10 compat level.
+ Cosmetic changes to description.
+ Delete explicit version of libnet1-dev.
It is present since Wheezy release.
+ Delete build-dependency on pkg-config
+ Bump to Standards-Version: 4.0.0
* Add multiarch paths
* Adjust files list on d/libnids-dev-docs.
* Polish, refresh, rename and fix dep3 issues in patch files.
* d/watch
+ Check gpg signature with uscan.
+ Add signing-key.asc file for watch file use.
* Add d/libnids.1.21.symbols file
.
[ Lukas Schwaighofer ]
* update config.{sub,guess} by enabling the dh autotool-dev sequence
* add CFLAGS using DEB_CFLAGS_MAINT_APPEND
* improve patches
+ patch Makefile.in to apply CPPFLAGS and LDFLAGS (needed for hardening)
+ introduce separate patch to keep soname
* add -Wl,--as-needed to LDFLAGS to avoid unnecessary linking
* drop modifications of the printall.c sample code
* mark binary packages as Multi-Arch: same
Checksums-Sha1:
ca9f3366e113986603c55fc9522b812075cd079c 2003 libnids_1.24-1.dsc
9a421df05cefdc4f5f7db95efc001b3c2b5249ce 151021 libnids_1.24.orig.tar.gz
d40bbab77f97b5025b08bc8f73cfff774f9ad525 8044 libnids_1.24-1.debian.tar.xz
Checksums-Sha256:
92d586190d8943a7463035d69498332f30424ba486b3d95b6130932025e3699c 2003
libnids_1.24-1.dsc
314b4793e0902fbf1fdb7fb659af37a3c1306ed1aad5d1c84de6c931b351d359 151021
libnids_1.24.orig.tar.gz
a4e35c65915889a86a2eb75966a37883d6024527d918a38f0ece9197820b0b62 8044
libnids_1.24-1.debian.tar.xz
Files:
d3dea6df5175656eb0a626d43f5820d6 2003 libdevel optional libnids_1.24-1.dsc
72d37c79c85615ffe158aa524d649610 151021 libdevel optional
libnids_1.24.orig.tar.gz
0024c64f99680c2203094e0f030fde24 8044 libdevel optional
libnids_1.24-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJZfLx+AAoJEPNPCXROn13ZRbMP+gN4oq4ExYOBxoIIcwYfztbV
lggmzdCq0jeftJF6BILYwDCkSNFXhu+GsZJtiFEJdxe5y6dLJ+okcpwU6RgRHy8v
YYm+aJ8qYhJzXUzlPj7Jx9naDXNEBmdR+DlwdzT4I2EnDVctxQJWGJpn7Dl9lVw9
lLiCrrBOZPEIkHdsaM3zcaaRoME5i7kixFWg+K448ESzX/cTjwNoZjAq/XMaeTV5
GwOE/dCkazSdMFumHTcViSs8oPoOqnlW7Fi1wR5CJdV1LGWTgrMz0xU9xEvkeHo8
K5rph+PlHTjJSXv3Q4f/QFnwZxD33uuTFw7f9yaQoKYjFU+vJTPuBC5bJXuHjt+j
1S93bwnVSZ+oG27Fk9C1KIAnC3yDARXr+n3yQlPFLXAUElhIST2gRysCUXnzyKG2
pUwZfWsIjqa0VA7oIInUanDFHdvsDWUuN3j7tnQGAIxLbGWA8lfmOzdOzAQSisLt
/zHnUROBfgq4Th4J0FTNP3LBhpkrAnv2G4WqqRBuRcmRD89XOxaeazJ3cNN+5uDe
iLvUgV55W1fezQJccR4DdKfehbfHpi1ouWhCMoXULNQzdS3xqGZyn5C8bzoIDCzl
IIiej8eiPBTupLGgTCnKgPfN5yHM1Lfv9FxqmpKjeuYn5HnJisnQOACcBuO04xsc
Cw22tTA7D+89kzu18il9
=cS6Z
-----END PGP SIGNATURE-----
--- End Message ---
