Your message dated Wed, 25 Aug 2021 09:06:26 +0000
with message-id <[email protected]>
and subject line Bug#972890: fixed in tcpreplay 4.3.4-1
has caused the Debian Bug report #972890,
regarding tcpreplay: CVE-2020-24265
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972890: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972890
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcpreplay
Version: 4.3.3-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/616
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for tcpreplay.
CVE-2020-24265[0]:
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap
| buffer overflow vulnerability in MemcmpInterceptorCommon() that can
| make tcpprep crash and cause a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-24265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24265
[1] https://github.com/appneta/tcpreplay/issues/616
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tcpreplay
Source-Version: 4.3.4-1
Done: Christoph Biedl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tcpreplay, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated tcpreplay
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 25 Aug 2021 10:00:26 +0200
Source: tcpreplay
Architecture: source
Version: 4.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 972889 972890
Changes:
tcpreplay (4.3.4-1) unstable; urgency=medium
.
* New upstream version 4.3.4
Closes: #972889 [CVE-2020-24266]
Closes: #972890 [CVE-2020-24265]
Checksums-Sha1:
7036fa96b1ab7061321a3cc039d1052706b126df 2119 tcpreplay_4.3.4-1.dsc
c3b965369c4a17e0b0fd6b10658abf41938263cd 739280 tcpreplay_4.3.4.orig.tar.xz
ef92efc24e82cc7c0c1e1c09e37d5327dee77b15 516 tcpreplay_4.3.4.orig.tar.xz.asc
682aafcf371e6ba0fa21303a40c720d9b364fb0f 7992 tcpreplay_4.3.4-1.debian.tar.xz
a3083d49bbdbecdd7be4b48588edfa94a42c2023 6375
tcpreplay_4.3.4-1_powerpc.buildinfo
Checksums-Sha256:
20b698c3d25c302e6fc5a97146d490816fb205603125978275d1031490f25ee5 2119
tcpreplay_4.3.4-1.dsc
42c055106e55852c29d94bb6e1b9e001a0723349f2985eb893a47d384c85002b 739280
tcpreplay_4.3.4.orig.tar.xz
dc83e5461703c6a9a71a84c34325ee32a47d38e9a65eaf8e359dedf07523bd44 516
tcpreplay_4.3.4.orig.tar.xz.asc
c72bcd1c2793036415de7dfc07e708b6ef6c0ae9b1308d46086c4c9e8ba19345 7992
tcpreplay_4.3.4-1.debian.tar.xz
b8f4d1a5e404d7c9a773f530d6af3405130a408899785a8bd989de68e06c546e 6375
tcpreplay_4.3.4-1_powerpc.buildinfo
Files:
f928792fafb67b7ebebdf311e8b605c7 2119 net optional tcpreplay_4.3.4-1.dsc
d11673863c88a1f4607a9a8761c8e6e8 739280 net optional
tcpreplay_4.3.4.orig.tar.xz
0faaf342994c7620986bed45a726ecc4 516 net optional
tcpreplay_4.3.4.orig.tar.xz.asc
d488d9f3321c419829c9c8085da36a27 7992 net optional
tcpreplay_4.3.4-1.debian.tar.xz
c7f05cbfbaa88c9213f01f25ab451951 6375 net optional
tcpreplay_4.3.4-1_powerpc.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAmEl/wAACgkQxCxY61kU
kv3sXA//VDLFze6ZNKxaoMujAffzLrnfhiUGaruUInoX28YsYoFb77eHTQRHsG7k
GJeht7d7uuV6cbzwJtE07Ib5E7w8MUGegvuBs5EY3qk6pncrielrtgFWk5j9oqur
uwqjd4mxVz2KuBYpiGFRH9S3M4zys5w1DsduuScFVaiUR89FgMCDigjFK0yq0i6z
6RW46wo5fph+d3XUOEQfP+xvxFbY3/0k0BLIIfu+USAeogGc/M/nJ31Zi4k0qANC
+M1NGpgJHLQv7UQORkqeFeFxUflw2WlF00YXpEeoLF/FRFRqwF6AykP5T0PCxzw/
PkjqRjFN2fFwY/kouk1GTaCFXfoCEKyYTp6zj3Z382KLZxDsCE73BoVtCtxopB+Z
lNPhMwtYgKu8qgJzLKIlHZKKj+Cfo++z5/RPMsCKyHx7+e+KBy6y1BnwX2g28U+X
0VXB175iUR+RrEZ7BqZkde3QcJ4YqoxtrL65RK07K3Q0L0YP+ukzXON5hyXQTH/T
e84EGcxj+6pF9aOmH2cD77YYpf1u4WtV6AIsXuKtaGH5O0ghBK+Hvy7KycM+1tay
+tGbKxILbe6xD3HCXSw25hZsMGysU7eewz8OoIvfYh78JJJnkZatzWSZ0GWz11jV
VskcuUX7WhJiGf2jC1hedQTjBsoVK4Izr2CUYhTTiDl+n1SHeLo=
=4EEt
-----END PGP SIGNATURE-----
--- End Message ---
