Your message dated Sat, 30 Aug 2025 13:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1070362: fixed in libcoap3 4.3.4-1.1+deb13u1
has caused the Debian Bug report #1070362,
regarding libcoap3: CVE-2024-31031
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1070362: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070362
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcoap3
Version: 4.3.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/obgm/libcoap/issues/1351
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libcoap3.
CVE-2024-31031[0]:
| An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause
| undefined behavior via a sequence of messages leading to unsigned
| integer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-31031
https://www.cve.org/CVERecord?id=CVE-2024-31031
[1] https://github.com/obgm/libcoap/issues/1351
[2] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcoap3
Source-Version: 4.3.4-1.1+deb13u1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcoap3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated libcoap3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Aug 2025 08:03:02 +0200
Source: libcoap3
Architecture: source
Version: 4.3.4-1.1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian IoT Maintainers <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1061704 1070362
Changes:
 libcoap3 (4.3.4-1.1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2024-0962 (Closes: #1061704)
     fix stack-based buffer overflow
   * CVE-2024-31031 (Closes: #1070362)
     fix unsigned integer overflow
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---