Your message dated Mon, 10 Jun 2024 07:02:27 +0000
with message-id <e1sgz2x-00fkry...@fasolo.debian.org>
and subject line Bug#1072366: fixed in libndp 1.8-2
has caused the Debian Bug report #1072366,
regarding libndp: CVE-2024-5564
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1072366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libndp
Version: 1.8-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.6-1
Hi,
The following vulnerability was published for libndp.
CVE-2024-5564[0]:
| A vulnerability was found in libndp. This flaw allows a local
| malicious user to cause a buffer overflow in NetworkManager,
| triggered by sending a malformed IPv6 router advertisement packet.
| This issue occurred as libndp was not correctly validating the route
| length information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-5564
https://www.cve.org/CVERecord?id=CVE-2024-5564
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libndp
Source-Version: 1.8-2
Done: Florian Ernst <flor...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libndp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Florian Ernst <flor...@debian.org> (supplier of updated libndp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 10 Jun 2024 08:11:09 +0200
Source: libndp
Architecture: source
Version: 1.8-2
Distribution: unstable
Urgency: high
Maintainer: Florian Ernst <flor...@debian.org>
Changed-By: Florian Ernst <flor...@debian.org>
Closes: 1072366
Changes:
libndp (1.8-2) unstable; urgency=high
.
* [a6136d6] add debian/patches/CVE-2024-5564.patch from upstream fixing
CVE-2024-5564 (Closes: #1072366)
* [5119f5e] debian/rules: drop now-complete dh_strip --dbgsym-migration
* [4d590c2] debian/copyright: update debian/ copyright years
* [3d049d7] debian/control: Standards-Version 4.7.0 (no further changes
required)
Checksums-Sha1:
53da38f54a87fbb6acd3ee721436a46a265c9359 2027 libndp_1.8-2.dsc
ec694003b9b75d7249e3c0654bf2c34b0db57d38 5236 libndp_1.8-2.debian.tar.xz
5480c76493d639d1bc7f7d81e50cfafe8b0fdbf2 7272 libndp_1.8-2_amd64.buildinfo
Checksums-Sha256:
47cd371905286c289ed59678278ae434404a5b7869c4c50c82f58fc356e881b6 2027
libndp_1.8-2.dsc
c2d3bb63291ff62a0368dcc23383018f18dce8aa873d478606676a50b19d0acb 5236
libndp_1.8-2.debian.tar.xz
a54a0f9548ec007cbebcfba42dfa764c683017debc1a754d8bac3b5ef00afb61 7272
libndp_1.8-2_amd64.buildinfo
Files:
c6990674ad79a5ef8b725b8e112012d9 2027 net optional libndp_1.8-2.dsc
bcfd4e207c3247dd18d4553db3e0e0d6 5236 net optional libndp_1.8-2.debian.tar.xz
180539840fff884bdcf4817f45bf4e99 7272 net optional libndp_1.8-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBn03XtJwVyplJ26xBjdBuvXdHs4FAmZmmhgACgkQBjdBuvXd
Hs5A0w//QGxcT2M9burngsEeVrMlswBGRvYECJKqWiAIL2kJlXwaBWyR7zQ5YY3N
ox/n55qciX/P6jmmjoZlxxt4xS0nYe8znV7nPVSGjzLuR+YTWdGDifLXDYrN8HGY
ZHR+Ty15xVJEFUJa+F6Kx/IVATfDOFb3326idv6S39rOFUVdtKjtwN3PjzZhDAMS
33qFYTB+L4ahjq7i2Y/oTfEsbPSSq28qRwilDwyTXGVN+rnU7Cc6F0O8P6QRW74y
6xN5Mju8hnIKSf14Cv90HPVh0vlDq7DCLd/3Z+LABxMaTTi5xd44rWhCJm2xBaLm
9soQDOuf8O8hwpZGicgfryIun8UTidI16zgpzBvl1rIsHS2R/E4snPYOnDXnJ2DU
W1N1TUGz388mOE1id43LZb62+aZ+LZr81O4wvfw2rVZbCq29yZ3uJeEb6ecSouxj
TIWBCxIMT7w6fBmzeWCeBNjATRLW9lcpbSa1U9HxQX2lJtfrI7Jgj32KzMjxchhX
Nn7oRYEsnGZawB8MQWB7a/Pu9AMrxPqWyqEhupE+4ivyKAdQbJCRrUvO9pLKnMFF
ub8yTpeck19Iq5bYHXHyDn2nkmr3MW0zysUjwHcrvgjMNBgjh6lmUmsyGHHrhcDz
ZZVtHOjCJMPT5byhgLvoA2luun3Bs/ESVOpinkORGU+U7sO/SA8=
=mR6v
-----END PGP SIGNATURE-----
pgpUH8QsjY2h6.pgp
Description: PGP signature
--- End Message ---
