Your message dated Mon, 29 May 2023 19:32:29 +0000
with message-id <e1q3ibv-006ou9...@fasolo.debian.org>
and subject line Bug#1033752: fixed in sniproxy 0.6.0-2+deb11u1
has caused the Debian Bug report #1033752,
regarding sniproxy: CVE-2023-25076
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033752
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sniproxy
Version: 0.6.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sniproxy.

CVE-2023-25076[0]:
| A buffer overflow vulnerability exists in the handling of wildcard
| backend hosts of SNIProxy 0.6.0-2 and the master branch (commit:
| 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP,
| TLS or DTLS packet can lead to arbitrary code execution. An attacker
| could send a malicious packet to trigger this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-25076
    https://www.cve.org/CVERecord?id=CVE-2023-25076
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
[2] https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sniproxy
Source-Version: 0.6.0-2+deb11u1
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
sniproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated sniproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Apr 2023 19:03:02 +0200
Source: sniproxy
Architecture: source
Version: 0.6.0-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Jan Dittberner <ja...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Closes: 1033752
Changes:
 sniproxy (0.6.0-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-25076 (Closes: #1033752)
     fix buffer overflow while handling wildcard backend hosts

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
