Your message dated Thu, 07 May 2026 10:04:34 +0000
with message-id <[email protected]>
and subject line Bug#1123741: fixed in igmpproxy 0.3-2
has caused the Debian Bug report #1123741,
regarding igmpproxy: CVE-2025-50681
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123741: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123741
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: igmpproxy
Version: 0.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/pali/igmpproxy/issues/97
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for igmpproxy.
CVE-2025-50681[0]:
| igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause
| a denial of service (application crash) via a crafted IGMPv3
| membership report packet with a malicious source address. Due to
| insufficient validation in the `recv_igmp()` function in
| src/igmpproxy.c, an invalid group record type can trigger a NULL
| pointer dereference when logging the address using `inet_fmtsrc()`.
| This vulnerability can be exploited by sending malformed multicast
| traffic to a host running igmpproxy, leading to a crash. igmpproxy
| is used in various embedded networking environments and consumer-
| grade IoT devices (such as home routers and media gateways) to
| handle multicast traffic for IPTV and other streaming services.
| Affected devices that rely on unpatched versions of igmpproxy may be
| vulnerable to remote denial-of-service attacks across a LAN.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-50681
https://www.cve.org/CVERecord?id=CVE-2025-50681
[1] https://github.com/pali/igmpproxy/issues/97
[2] https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: igmpproxy
Source-Version: 0.3-2
Done: Pali Rohár <[email protected]>
We believe that the bug you reported is fixed in the latest version of
igmpproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pali Rohár <[email protected]> (supplier of updated igmpproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Dec 2025 12:52:57 +0100
Source: igmpproxy
Architecture: source
Version: 0.3-2
Distribution: unstable
Urgency: medium
Maintainer: Pali Rohár <[email protected]>
Changed-By: Pali Rohár <[email protected]>
Closes: 1123741
Changes:
igmpproxy (0.3-2) unstable; urgency=medium
.
* CVE-2025-50681: sprintf buffer overflow in igmpPacketKind() (Closes:
#1123741)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
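An added example, not code from igmpproxy or from the fix commit: a stand-alone C check for the two failure modes named in the CVE text and the changelog entry above. It rejects an IGMPv3 membership report with an out-of-range group record type or a truncated record before anything is logged, and it labels record types through a bounded `snprintf`. The function names and error codes are assumptions; the packet layout and record types 1 to 6 follow RFC 3376, and checksum verification is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IGMP_V3_REPORT 0x22  /* RFC 3376 membership report type */

/* Always yields a printable label in out: never NULL, never past outlen. */
const char *record_type_name(uint8_t type, char *out, size_t outlen) {
    static const char *names[] = { "MODE_IS_INCLUDE", "MODE_IS_EXCLUDE",
        "CHANGE_TO_INCLUDE", "CHANGE_TO_EXCLUDE", "ALLOW_NEW_SOURCES",
        "BLOCK_OLD_SOURCES" };
    if (type >= 1 && type <= 6)
        snprintf(out, outlen, "%s", names[type - 1]);
    else
        snprintf(out, outlen, "unknown(0x%02x)", type);
    return out;
}

/* Returns the number of group records if the whole report is well formed,
 * -1 if truncated, -2 on an invalid record type, -3 if not a v3 report. */
int validate_igmpv3_report(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;                      /* fixed report header */
    if (buf[0] != IGMP_V3_REPORT) return -3;
    unsigned nrec = (buf[6] << 8) | buf[7];
    size_t off = 8;                              /* invariant: off <= len */
    for (unsigned i = 0; i < nrec; i++) {
        if (len - off < 8) return -1;            /* fixed record header */
        uint8_t type = buf[off], auxwords = buf[off + 1];
        size_t nsrc = (buf[off + 2] << 8) | buf[off + 3];
        if (type < 1 || type > 6) return -2;     /* reject before any logging */
        size_t need = 8 + 4 * nsrc + 4 * (size_t)auxwords;
        if (len - off < need) return -1;         /* sources/aux run past end */
        off += need;
    }
    return (int)nrec;
}

int main(void) {
    /* Constructed sample: one record with invalid type 9, group 239.1.2.3. */
    const uint8_t pkt[] = {0x22,0,0,0,0,0,0,1, 9,0,0,0, 239,1,2,3};
    char label[24];
    printf("result=%d first record type=%s\n",
           validate_igmpv3_report(pkt, sizeof pkt),
           record_type_name(pkt[8], label, sizeof label));
    return 0;
}
```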