Your message dated Thu, 29 Feb 2024 17:11:06 +0000 with message-id <e1rfjw2-00c6ba...@fasolo.debian.org> and subject line Bug#1063492: fixed in openvswitch 3.3.0-1 has caused the Debian Bug report #1063492, regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1063492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openvswitch Version: 3.3.0~git20240118.e802fe7-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.1.0-2 Hi, The following vulnerability was published for openvswitch. CVE-2023-3966[0]: | Invalid memory access in Geneve with HW offload If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-3966 https://www.cve.org/CVERecord?id=CVE-2023-3966 [1] https://www.openwall.com/lists/oss-security/2024/02/08/3 [2] https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: openvswitch Source-Version: 3.3.0-1 Done: Frode Nordahl <frode.nord...@canonical.com> We believe that the bug you reported is fixed in the latest version of openvswitch, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1063...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frode Nordahl <frode.nord...@canonical.com> (supplier of updated openvswitch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Feb 2024 14:25:30 +0100 Source: openvswitch Architecture: source Version: 3.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Frode Nordahl <frode.nord...@canonical.com> Closes: 1063492 Changes: openvswitch (3.3.0-1) unstable; urgency=medium . * Team upload. * Update upstream source from tag 'upstream/3.3.0'. * d/p/dp-packet-Reset-offload_offsets-when-clearing-a-packet.patch: Drop, included in new upstream version. * d/p/0001-tests-ovsdb-server-Fix-config-file-same-schema-test.patch: Drop, included in new upstream version. * d/openvswitch-switch.lintian-overrides: Remove obsolete tag "package- supports-alternative-init-but-no-init.d-script". * d/control: Replace pkg-config with pkgconf as build dependency. * CVE-2023-3966: Fix invalid memory access in Geneve with HW offload (Closes: #1063492). Checksums-Sha1: 2d82db086164bf0ce85dcbffc551b0715a79307c 3660 openvswitch_3.3.0-1.dsc a9e9cdfa883927566c084a7703d975c3ebef89e2 5381744 openvswitch_3.3.0.orig.tar.xz 9980479030be02941456beb7c2147919c2e90435 69136 openvswitch_3.3.0-1.debian.tar.xz e053ea2076509ef36c765671bfce894dcb28e4d6 11648 openvswitch_3.3.0-1_source.buildinfo Checksums-Sha256: 1c6a47c2937af72d6e31a8a6113b5f453bb2bce7903b22398e480c5ee96811c5 3660 openvswitch_3.3.0-1.dsc 413c89d4108e2f78008930ae905023b29a22ca5476ac3c0725107ac713d6e78e 5381744 openvswitch_3.3.0.orig.tar.xz b5f087c1a473d693d74098876fbc2831bface0644e127d5de25eb65cc9ff90d3 69136 openvswitch_3.3.0-1.debian.tar.xz 5174db6120f4ad4f93a20807611d62173c6caa7fc6ff194fa6948256501b57eb 11648 openvswitch_3.3.0-1_source.buildinfo Files: 65e43b45310bd6763539cd0fe69b82d2 3660 net optional openvswitch_3.3.0-1.dsc 28140ad77f523eed57ec076ecf2853d1 5381744 net optional openvswitch_3.3.0.orig.tar.xz fc4197ea3b333b6dc0cbee3f0f3b9660 69136 net optional openvswitch_3.3.0-1.debian.tar.xz b885299209bfd05e7a6b91d178781522 11648 net optional openvswitch_3.3.0-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCSqx93EIPGOymuRKGv37813JB4FAmXgsj8ACgkQKGv37813 JB7Y/BAA0/TBAyfsNm/Q65okABRVp3ylqM619vRnoKs+zNqN7aydtcR5TL65rxfk r8glhhraybZVCPktslmVKG6s36YSrqZ+cYCmpA6fyHLG7pXC5S1H+kcwR8R1rS7t Q1PI4FTjVHyn567CumE/GA5aUOe6X/EPJcGJPyLTGFeOAZfo4+o8ZoG4KV7OY/Zd f+/m5Pdi1F6XbAgZ1oW2zW4K5Coyl87GFwzrMCIEigDMXAAPHp0yXjsqOBMWXsdW uGpVVR1JKZNowv/68EHGbzBjFH1rCbM/BAmRlkVOEAEt4lPeIwCuK0fUQfMTQpXi dqvG8DiLnufhzcs0tQa4PRzR0+CiCVkM9vASDbA4K27WMD9gc8l7pLUb8XPju/xh N5nOw+45u9LVovBs9ygmc9dZZ/dthCoz+ZWX45py2B5/zCGl0J0qH8hyGBRF+Jls TqaAtO7jDiut+B3UWY7xzueRyGkxZnJE1osLevblceewifTr4dtvlBILjrSBKc/b t3S0bsWq/hhLaQfMcI4VJxVFnx9n/FAeB8xguC1fAF70UpNyhCDpz/GhbvNH1tbZ FHvW5qV9QPZWMey8GzPWx60oKfmiHfngXuXofD5VPfbYDCADpGSzbX0FDt7WhmWn jMqpPKQlF+GvqzIwDIX03Zp4t7oNl3qEc4g3mML5f2i2BFFJ8Go= =isFi -----END PGP SIGNATURE-----pgpa15F7JOc07.pgp
Description: PGP signature
--- End Message ---