Your message dated Wed, 07 Feb 2024 02:36:12 +0000
with message-id <[email protected]>
and subject line Bug#1062663: fixed in rust-snow 0.9.6-1
has caused the Debian Bug report #1062663,
regarding rust-snow: Unauthenticated Nonce Increment in snow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1062663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062663
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rust-snow
Severity: important
X-Debbugs-Cc: [email protected]
Dear Maintainer,
There was a logic bug where unauthenticated payloads could still cause
a nonce increment in snow's internal state. For an attacker with the
ability to inject packets into the channel Noise is talking over, this
allows a denial-of-service type attack which could prevent
communication as it causes the sending and receiving side to be
expecting different nonce values than would arrive.
Note that this only affects those who are using the stateful
TransportState, not those using StatelessTransportState.
Patches
This has been patched in version 0.9.5, and all users are recommended to update.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set
LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
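A simplified model of the flaw described in the report above, added here as an illustration; it is not snow's code. `toy_tag` is a non-cryptographic stand-in for the AEAD tag, and the `Sender` and `Receiver` types, the `increment_before_auth` switch and the sample key are hypothetical.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy stand-in for an AEAD tag binding key, nonce and payload. NOT cryptographically secure.
fn toy_tag(key: u64, nonce: u64, payload: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    key.hash(&mut h);
    nonce.hash(&mut h);
    payload.hash(&mut h);
    h.finish()
}

// Hypothetical sender: tags each message with its counter, then advances it.
struct Sender { key: u64, n: u64 }
impl Sender {
    fn write(&mut self, payload: &[u8]) -> u64 {
        let tag = toy_tag(self.key, self.n, payload);
        self.n += 1;
        tag
    }
}

// Hypothetical stateful receiver; the flag selects the flawed or the corrected ordering.
struct Receiver { key: u64, n: u64, increment_before_auth: bool }
impl Receiver {
    fn read(&mut self, payload: &[u8], tag: u64) -> Result<(), &'static str> {
        let nonce = self.n;
        if self.increment_before_auth { self.n += 1; } // flawed: state moves on unauthenticated input
        if toy_tag(self.key, nonce, payload) != tag { return Err("authentication failed"); }
        if !self.increment_before_auth { self.n += 1; } // corrected: advance only after the tag verifies
        Ok(())
    }
}

// One injected packet with a bogus tag arrives before a genuine message.
// Returns (genuine message accepted, receiver nonce afterwards).
fn deliver_after_injection(increment_before_auth: bool) -> (bool, u64) {
    let key = 0x5eed_u64; // constructed sample key
    let mut tx = Sender { key, n: 0 };
    let mut rx = Receiver { key, n: 0, increment_before_auth };
    let injected = rx.read(b"not from the peer", 0);
    let tag = tx.write(b"hello");
    let genuine = rx.read(b"hello", tag);
    (injected.is_err() && genuine.is_ok(), rx.n)
}

fn main() {
    println!("flawed ordering:    {:?}", deliver_after_injection(true));
    println!("corrected ordering: {:?}", deliver_after_injection(false));
}
```

With the flawed ordering the receiver's counter runs ahead of the sender's after a single rejected packet, so every later genuine message fails authentication; a regression test for a fix can assert that the counter is unchanged after a failed read.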
--- Begin Message ---
Source: rust-snow
Source-Version: 0.9.6-1
Done: Jonas Smedegaard <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rust-snow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <[email protected]> (supplier of updated rust-snow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 07 Feb 2024 01:28:33 +0100
Source: rust-snow
Architecture: source
Version: 0.9.6-1
Distribution: unstable
Urgency: medium
Maintainer: Jonas Smedegaard <[email protected]>
Changed-By: Jonas Smedegaard <[email protected]>
Closes: 1062663
Changes:
 rust-snow (0.9.6-1) unstable; urgency=medium
 .
   [ upstream ]
   * new release(s)
     + stateful nonce desync fix;
       closes: bug#1062663, thanks to Alexander Kjäll
 .
   [ Jonas Smedegaard ]
   * bump project versions in virtual packages and autopkgtests
   * update and unfuzz patches
   * update TODOs
   * update copyright info: update coverage
   * drop patch 1001;
     expand patch 2001;
     revive patch 2002;
     stop (build-)depend on packages
     for crates aes-gcm blake2 chacha20poly1305 curve25519-dalek sha2;
     stop build- and autopkgtest-depend
     on package for crate x25519-dalek;
     stop provide and autopkgtest features
     default default-resolver ring-accelerated test-vectors xchachapoly
--- End Message ---