Your message dated Sat, 30 Jan 2021 21:47:07 +0000
with message-id <e1l5y5d-0002wg...@fasolo.debian.org>
and subject line Bug#970066: fixed in atftp 0.7.git20120829-3.2~deb10u1
has caused the Debian Bug report #970066,
regarding atftp: CVE-2020-6097
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
970066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: atftp
Version: 0.7.git20120829-3.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for atftp.

CVE-2020-6097[0]:
| An exploitable denial of service vulnerability exists in the atftpd
| daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially
| crafted sequence of RRQ-Multicast requests trigger an assert() call
| resulting in denial-of-service. An attacker can send a sequence of
| malicious packets to trigger this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: atftp
Source-Version: 0.7.git20120829-3.2~deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
atftp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 970...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated atftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jan 2021 17:22:14 +0100
Source: atftp
Architecture: source
Version: 0.7.git20120829-3.2~deb10u1
Distribution: buster
Urgency: medium
Maintainer: Ludovic Drolez <ldro...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 970066
Changes:
 atftp (0.7.git20120829-3.2~deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for buster.
 .
 atftp (0.7.git20120829-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix for DoS issue CVE-2020-6097 (Closes: #970066)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
