Your message dated Sun, 20 Oct 2024 22:26:20 +0000
with message-id <[email protected]>
and subject line Bug#1081792: fixed in opennds 10.3.0+dfsg-0.1
has caused the Debian Bug report #1081792,
regarding opennds: CVE-2024-25763
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1081792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081792
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opennds
Version: 10.2.0+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/openNDS/openNDS/issues/571
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for opennds.
CVE-2024-25763[0]:
| openNDS 10.2.0 is vulnerable to Use-After-Free via
| /openNDS/src/auth.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-25763
https://www.cve.org/CVERecord?id=CVE-2024-25763
[1] https://github.com/openNDS/openNDS/issues/571
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opennds
Source-Version: 10.3.0+dfsg-0.1
Done: Chris Hofstaedtler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
opennds, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated opennds package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 20 Oct 2024 22:34:03 +0200
Source: opennds
Architecture: source
Version: 10.3.0+dfsg-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Packaging Team
<[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1073664 1081792
Changes:
opennds (10.3.0+dfsg-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release. (Closes: #1081792)
Fixes CVE-2024-25763
* Move aliased files from / to /usr (DEP17) (Closes: #1073664)
Checksums-Sha1:
6ca0bf91adb6235a8e03d9e471b9670a79405a87 2217 opennds_10.3.0+dfsg-0.1.dsc
272a11e2695bcbd3431b6c24873f7113d6f6eea5 659888 opennds_10.3.0+dfsg.orig.tar.xz
f33e0f7ed96ea2213a4d83dcb1996dc6b32984ff 7488
opennds_10.3.0+dfsg-0.1.debian.tar.xz
825d80d08143a98149a6f14587884ec1179843f6 6599
opennds_10.3.0+dfsg-0.1_arm64.buildinfo
Checksums-Sha256:
398ff24ee1ca3a3a3655f7512190fc1b61f6aeaf2207288731efda38892490ae 2217
opennds_10.3.0+dfsg-0.1.dsc
709f49b64abf2b342e54250aab9f1834c120e740ab3ee75d9ef923df62cea86c 659888
opennds_10.3.0+dfsg.orig.tar.xz
49acd37e78ddf1a2e9032898047b4cc0bdddc17841c03721dfee2e0a1d92cf71 7488
opennds_10.3.0+dfsg-0.1.debian.tar.xz
399823ff3541caad1c8c0a2bd46d4914e0491debe5ea2858f57b357c160c9c6c 6599
opennds_10.3.0+dfsg-0.1_arm64.buildinfo
Files:
a9070b7e25bc1d80b24f9887862feb67 2217 net optional opennds_10.3.0+dfsg-0.1.dsc
cd1c9902b53590ea716d13c4d16e6567 659888 net optional
opennds_10.3.0+dfsg.orig.tar.xz
b6810841767460b7794ebc51bdad315f 7488 net optional
opennds_10.3.0+dfsg-0.1.debian.tar.xz
2fa8d6e0ba4c704592ab28d3ef5ba42f 6599 net optional
opennds_10.3.0+dfsg-0.1_arm64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmcVdkkACgkQXBPW25MF
LgNoNQ//Q7H2zFrGj8T4cEWRxgatNhBueYSbL9+iXItYQiggnVOptQdOKjlnXFTr
cbG1co+uv3mWVGshlw0EM2dGwyfDsqaIivI5zp475WCYZWIJX33NXaV9gfVd90Io
KSCx7dlMgyqbGdWGGr5hw7rlz9egyVRweIiqqFNLumulXYw1jWRXJjoXQlnwKjom
Gae5L8H2+SrffKnHBcObcst+2Z+0o8kkLDVSvB25IrkTRU9O71m0Y0tD7sE8wHRR
uERqe/gwBfD1Z1+Bui/ZjdgBMCQCpOjlI/ijvACbgTsh/2zRekOdhFnsjg9nqRfQ
WlOcE8qai95xrIAmnC57/vMGGXPmnKVTV9PpKgoUg/JqRmfoZlVkggYzx3ccaczb
d49Vv8Yr8xZxtTL+pAoTT6rwV2miFfdDWG/0mhP2PpI5gGYdTz+2JFHe/iCxVBrI
Q2LW1pF+yGj8+p0QTNMtNjwJyvbnrPrfDDMic5qHIyz02j+ES/aOB1+yofIrjbWJ
4S6YgepsaOvdNuh62IEKT0UlbQDfuY7Db+djiWMJdo7zKEFrnTisDoNaB2oXxCE8
uVZlXyb9Q3I/lO0QsqVyplxb7Go3lZdDCI/0QU4xbKBytaJukzmgEohk3fNW1og+
O2Bjng4wUnNfypbR8iucE4Ei4rHKBulYymTNr6isB9Nf6qD5LpY=
=K4aJ
-----END PGP SIGNATURE-----
pgpyi5GJRUZUw.pgp
Description: PGP signature
--- End Message ---
