Your message dated Thu, 29 Feb 2024 17:11:06 +0000
with message-id <e1rfjw2-00c6ba...@fasolo.debian.org>
and subject line Bug#1063492: fixed in openvswitch 3.3.0-1
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW
offload
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1063492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openvswitch
Version: 3.3.0~git20240118.e802fe7-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.1.0-2
Hi,
The following vulnerability was published for openvswitch.
CVE-2023-3966[0]:
| Invalid memory access in Geneve with HW offload
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-3966
https://www.cve.org/CVERecord?id=CVE-2023-3966
[1] https://www.openwall.com/lists/oss-security/2024/02/08/3
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 3.3.0-1
Done: Frode Nordahl <frode.nord...@canonical.com>
We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frode Nordahl <frode.nord...@canonical.com> (supplier of updated openvswitch
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Feb 2024 14:25:30 +0100
Source: openvswitch
Architecture: source
Version: 3.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Frode Nordahl <frode.nord...@canonical.com>
Closes: 1063492
Changes:
openvswitch (3.3.0-1) unstable; urgency=medium
.
* Team upload.
* Update upstream source from tag 'upstream/3.3.0'.
* d/p/dp-packet-Reset-offload_offsets-when-clearing-a-packet.patch:
Drop, included in new upstream version.
* d/p/0001-tests-ovsdb-server-Fix-config-file-same-schema-test.patch:
Drop, included in new upstream version.
* d/openvswitch-switch.lintian-overrides: Remove obsolete tag "package-
supports-alternative-init-but-no-init.d-script".
* d/control: Replace pkg-config with pkgconf as build dependency.
* CVE-2023-3966: Fix invalid memory access in Geneve with HW offload
(Closes: #1063492).
Checksums-Sha1:
2d82db086164bf0ce85dcbffc551b0715a79307c 3660 openvswitch_3.3.0-1.dsc
a9e9cdfa883927566c084a7703d975c3ebef89e2 5381744 openvswitch_3.3.0.orig.tar.xz
9980479030be02941456beb7c2147919c2e90435 69136
openvswitch_3.3.0-1.debian.tar.xz
e053ea2076509ef36c765671bfce894dcb28e4d6 11648
openvswitch_3.3.0-1_source.buildinfo
Checksums-Sha256:
1c6a47c2937af72d6e31a8a6113b5f453bb2bce7903b22398e480c5ee96811c5 3660
openvswitch_3.3.0-1.dsc
413c89d4108e2f78008930ae905023b29a22ca5476ac3c0725107ac713d6e78e 5381744
openvswitch_3.3.0.orig.tar.xz
b5f087c1a473d693d74098876fbc2831bface0644e127d5de25eb65cc9ff90d3 69136
openvswitch_3.3.0-1.debian.tar.xz
5174db6120f4ad4f93a20807611d62173c6caa7fc6ff194fa6948256501b57eb 11648
openvswitch_3.3.0-1_source.buildinfo
Files:
65e43b45310bd6763539cd0fe69b82d2 3660 net optional openvswitch_3.3.0-1.dsc
28140ad77f523eed57ec076ecf2853d1 5381744 net optional
openvswitch_3.3.0.orig.tar.xz
fc4197ea3b333b6dc0cbee3f0f3b9660 69136 net optional
openvswitch_3.3.0-1.debian.tar.xz
b885299209bfd05e7a6b91d178781522 11648 net optional
openvswitch_3.3.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCSqx93EIPGOymuRKGv37813JB4FAmXgsj8ACgkQKGv37813
JB7Y/BAA0/TBAyfsNm/Q65okABRVp3ylqM619vRnoKs+zNqN7aydtcR5TL65rxfk
r8glhhraybZVCPktslmVKG6s36YSrqZ+cYCmpA6fyHLG7pXC5S1H+kcwR8R1rS7t
Q1PI4FTjVHyn567CumE/GA5aUOe6X/EPJcGJPyLTGFeOAZfo4+o8ZoG4KV7OY/Zd
f+/m5Pdi1F6XbAgZ1oW2zW4K5Coyl87GFwzrMCIEigDMXAAPHp0yXjsqOBMWXsdW
uGpVVR1JKZNowv/68EHGbzBjFH1rCbM/BAmRlkVOEAEt4lPeIwCuK0fUQfMTQpXi
dqvG8DiLnufhzcs0tQa4PRzR0+CiCVkM9vASDbA4K27WMD9gc8l7pLUb8XPju/xh
N5nOw+45u9LVovBs9ygmc9dZZ/dthCoz+ZWX45py2B5/zCGl0J0qH8hyGBRF+Jls
TqaAtO7jDiut+B3UWY7xzueRyGkxZnJE1osLevblceewifTr4dtvlBILjrSBKc/b
t3S0bsWq/hhLaQfMcI4VJxVFnx9n/FAeB8xguC1fAF70UpNyhCDpz/GhbvNH1tbZ
FHvW5qV9QPZWMey8GzPWx60oKfmiHfngXuXofD5VPfbYDCADpGSzbX0FDt7WhmWn
jMqpPKQlF+GvqzIwDIX03Zp4t7oNl3qEc4g3mML5f2i2BFFJ8Go=
=isFi
-----END PGP SIGNATURE-----
pgpa15F7JOc07.pgp
Description: PGP signature
--- End Message ---
