Your message dated Mon, 23 Dec 2024 09:19:03 +0000
with message-id <[email protected]>
and subject line Bug#1090387: fixed in fastnetmon 1.2.8-1
has caused the Debian Bug report #1090387,
regarding fastnetmon: CVE-2024-56073
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1090387: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090387
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fastnetmon
Version: 1.2.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for fastnetmon.
CVE-2024-56073[0]:
| An issue was discovered in FastNetMon Community Edition through
| 1.2.7. Zero-length templates for Netflow v9 allow remote attackers
| to cause a denial of service (divide-by-zero error and application
| crash).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56073
https://www.cve.org/CVERecord?id=CVE-2024-56073
[1]
https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: fastnetmon
Source-Version: 1.2.8-1
Done: Patrick Matthäi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
fastnetmon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated fastnetmon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 Dec 2024 09:51:10 +0100
Source: fastnetmon
Architecture: source
Version: 1.2.8-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Closes: 1090387 1090388
Changes:
fastnetmon (1.2.8-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2024-56073: Zero-length templates for Netflow v9 allow remote
attackers to cause a denial of service (divide-by-zero error and
application crash).
Closes: #1090387
- Fixes CVE-2024-56072: The sFlow v5 plugin allows remote attackers to
cause
a denial of service (application crash) via a crafted packet that
specifies many sFlow samples.
Closes: #1090388
* Use pkgconf build dependency.
* Add patch 01-spelling-error.
* Adjust lintian overrides.
Checksums-Sha1:
10d7f9c272b9d21072ebb08eb21a98926652058a 2306 fastnetmon_1.2.8-1.dsc
8b831fb68f206523767330c3809feebf59cd3b5e 1476794 fastnetmon_1.2.8.orig.tar.gz
af25fb6ca2e7f77a5b1dc0dda1f5a93ad9917fd8 5308 fastnetmon_1.2.8-1.debian.tar.xz
90934848c327dbf632090ebfccf8298590880196 7183
fastnetmon_1.2.8-1_source.buildinfo
Checksums-Sha256:
a9af16a54f8ad0d7c45bd09870db0ddb581fc953681a787055693a5bebc948db 2306
fastnetmon_1.2.8-1.dsc
d16901b00963f395241c818d02ad2751f14e33fd32ed3cb3011641ab680e0d01 1476794
fastnetmon_1.2.8.orig.tar.gz
54c1c26c6624e92a4dd669bfd4a4d0b7111c16ffd0a88382db609b8cc41fd5fd 5308
fastnetmon_1.2.8-1.debian.tar.xz
7d0c8d76f3b231073eb26c769e47fde30efb9fe81a15a7baf123432004eebf44 7183
fastnetmon_1.2.8-1_source.buildinfo
Files:
65f18c85261e617af6e7f89b946f4289 2306 net optional fastnetmon_1.2.8-1.dsc
93fc9e0105e8b26954b8b2c0cc06cf68 1476794 net optional
fastnetmon_1.2.8.orig.tar.gz
5a6b21ba14f0c405b3f8c25e7b4a379f 5308 net optional
fastnetmon_1.2.8-1.debian.tar.xz
ef018966a9e59c1c95c806f45f89eaf0 7183 net optional
fastnetmon_1.2.8-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAmdpJ24ACgkQEtmwSpDL
2OT8mg//VTyEdM7+oaX1SoXJ0yNIfqz+SFcrToAQKKL8aVPj+S4wxlwVllcAXdWW
VdZA21aQ6jslhkmnpURDV5t6Kb42n+D+SmFU/vXlE6FvOrmfxLUgiLYxjndST6D4
KQ7MW4kejD3eA2d4Dj5oicuZ5259AFGyxQ9uHxlzkUeET4BJnrKPOmkKVUGFB4RQ
t47fa8As2lCjtCdNiAVkLvrfVw/C/T8SeV2m8Xc61YwaVHSveMphliOuUJvilXlS
r4bbq5T9+46Q8PqsbiwI4OPRzaWA4MBaWesrB+gpPV0k4PINIPTa4kUPrcKXZCNF
as6NGybvGQPiwXhFdmBXwukDWmtFFR1Zytkxt9pVnumIpCEsWCg9/Tt/bqqMpxG9
oR4wDHaH/jOxKKNL7annxmeY8T7NC7HTCbLy6ye2igjdoPvfLqeEpvym2hhA4gDF
wCZqeZp+hahdeUt0y6ErOsF3EBRPwVQcmTd91NssBhTwsuYKfkXSdzUVzFpW0E0b
Kghrj+lFlhYReOhIr62e57B8cbiobPSwGumA1ApnCqOk3VWA/EP/wfMRG85VneHF
+ju9pE5xCZw275XMpS0KQnNsVQZbE6DFvvBnMUUzuf5GKpSH8Thbl5RmrFdlKaNR
Bi0gDCkarEyKCAoyi/JiThCcKFS3T6h7fA7kJPRmJOMm73f0mqc=
=3XP+
-----END PGP SIGNATURE-----
pgp9irVsAG8Hz.pgp
Description: PGP signature
--- End Message ---
