Bug#856649: marked as done (suricata: CVE-2017-7177: IPv4 defrag evasion issue)

Mon, 10 Apr 2023 21:57:16 -0700 

Your message dated Tue, 11 Apr 2023 06:55:07 +0200
with message-id <[email protected]>
and subject line Re: Bug#856649: suricata: IPv4 defrag evasion issue
has caused the Debian Bug report #856649,
regarding suricata: CVE-2017-7177: IPv4 defrag evasion issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
856649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: suricata
Version: 2.0.7-2
Severity: important
Tags: patch upstream security
Forwarded: https://redmine.openinfosecfoundation.org/issues/2019

Details:

https://redmine.openinfosecfoundation.org/issues/2019
Fixed by:
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8
(3.2.1)

No CVE assigned yet. Can you please update the bug once known.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: suricata
Source-Version: 3.2.1-1~exp1

Hi Sascha,

On Mon, Apr 10, 2023 at 11:11:12PM +0200, Sascha Steinbiss wrote:
> Hi Salvatore,
> 
> > > (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649)
> > > 
> > > Can we just close this bug? This has been addressed for years, and I am 
> > > not
> > > sure we need to keep these open forever.
> > 
> > Can you pin point the upstream version where this was fixed?
> 
> Sure, you did so yourself in your original bug report from 2017 [1] :)
> It's upstream version 3.2.1, which is confirmed by the tags listed in the
> commit on GitHub and the target version of the fix in upstream's Redmine.
> That version was uploaded to unstable later in March 2017 [2].

Wow that is embarassing :-(. Yes let's close this bug. Metadata was
already tracking it correctly, but there is no point in keeping the
bug open.

Thanks for prodding again.

Regards,
Salvatore

--- End Message ---

Reply via email to