Your message dated Fri, 01 Jan 2021 21:03:20 +0000
with message-id <e1kvrzw-000ier...@fasolo.debian.org>
and subject line Bug#970066: fixed in atftp 0.7.git20120829-3.2
has caused the Debian Bug report #970066,
regarding atftp: CVE-2020-6097
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
970066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: atftp
Version: 0.7.git20120829-3.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for atftp.

CVE-2020-6097[0]:
| An exploitable denial of service vulnerability exists in the atftpd
| daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially
| crafted sequence of RRQ-Multicast requests trigger an assert() call
| resulting in denial-of-service. An attacker can send a sequence of
| malicious packets to trigger this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: atftp
Source-Version: 0.7.git20120829-3.2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
atftp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 970...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated atftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Dec 2020 21:28:40 +0100
Source: atftp
Architecture: source
Version: 0.7.git20120829-3.2
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Drolez <ldro...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 970066
Changes:
 atftp (0.7.git20120829-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix for DoS issue CVE-2020-6097 (Closes: #970066)
Checksums-Sha1: 
 5e9dc11e0cb90da13b3dcf58b63b3743c7a34a2e 1955 atftp_0.7.git20120829-3.2.dsc
 f394a7342acf5904e9882d119560e2c7e0c94dde 37840 atftp_0.7.git20120829-3.2.diff.gz
Checksums-Sha256: 
 42457b62d8e9279d0ca119e33fb7f665fe37b407b3bcd4d3d997c46781f596e4 1955 atftp_0.7.git20120829-3.2.dsc
 0971c5f6eb65d01609f48aa89909e42aee252f342dcffcf77976cadbcbbbe84b 37840 atftp_0.7.git20120829-3.2.diff.gz
Files: 
 0cf0a9000702deebb4480845a21d7a22 1955 net extra atftp_0.7.git20120829-3.2.dsc
 d91412c62f86eeaa4a7b378a1347952c 37840 net extra atftp_0.7.git20120829-3.2.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
