Bug#1035542: marked as done (libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash)
Your message dated Fri, 16 Jun 2023 19:47:23 + with message-id and subject line Bug#1035542: fixed in libreswan 4.3-1+deb11u4 has caused the Debian Bug report #1035542, regarding libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libreswan Version: 4.10-2 Severity: important Tags: security upstream Forwarded: https://github.com/libreswan/libreswan/issues/1039 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libreswan. CVE-2023-30570[0]: | Incorrect aggressive mode interaction causes the pluto daemon to | crash If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-30570 https://www.cve.org/CVERecord?id=CVE-2023-30570 [1] https://github.com/libreswan/libreswan/issues/1039 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libreswan Source-Version: 4.3-1+deb11u4 Done: Daniel Kahn Gillmor We believe that the bug you reported is fixed in the latest version of libreswan, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1035...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor (supplier of updated libreswan package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 01 Jun 2023 16:14:59 -0400 Source: libreswan Architecture: source Version: 4.3-1+deb11u4 Distribution: bullseye Urgency: medium Maintainer: Daniel Kahn Gillmor Changed-By: Daniel Kahn Gillmor Closes: 1035542 Changes: libreswan (4.3-1+deb11u4) bullseye; urgency=medium . * Resolve CVE-2023-30570 (Closes: #1035542) Checksums-Sha1: e26eaec2ae5daf13378bda01cc90d5850685cb50 2069 libreswan_4.3-1+deb11u4.dsc c6041326f03891b659e182029bf2c8d92ce08de1 15944 libreswan_4.3-1+deb11u4.debian.tar.xz 24fd9237b4e5f4aa2613a5fa2ffd6ebc43efbca6 10659 libreswan_4.3-1+deb11u4_source.buildinfo Checksums-Sha256: 8e7184198f21c5f3d026828baa362704dd765f6009199e069e328c6399af7dbf 2069 libreswan_4.3-1+deb11u4.dsc 8e3e6b40999a1937d1d21de8bf72a8de8a9782e2b7904df0079c7e2a28c3e764 15944 libreswan_4.3-1+deb11u4.debian.tar.xz 06a7db6125203f6b81dc6698e1d94ec04df3dd4691b3d11300695087785321ae 10659 libreswan_4.3-1+deb11u4_source.buildinfo Files: 5cbf9044c976299e7e97532b126ff7b3 2069 net optional libreswan_4.3-1+deb11u4.dsc 4aa9c5a051da6648dd8af4b95ad5fa59 15944 net optional libreswan_4.3-1+deb11u4.debian.tar.xz 7893ae7cf2e73eb06a64745fbf746233 10659 net optional libreswan_4.3-1+deb11u4_source.buildinfo -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCZHpJIQAKCRA+nXFzcd5W XMXWAP4yM52/rwoTBoJKIqF3AQDSHcbEeYM1SZYQY8ZDROR48gD+MOO37yB1g9Cg ML7UlNVanqldDGHJrV23GWuRc2BgmwU= =sMW5 -END PGP SIGNATURE End Message ---
Bug#1035542: marked as done (libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash)
Your message dated Fri, 02 Jun 2023 23:04:29 + with message-id and subject line Bug#1035542: fixed in libreswan 4.10-2+deb12u1 has caused the Debian Bug report #1035542, regarding libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libreswan Version: 4.10-2 Severity: important Tags: security upstream Forwarded: https://github.com/libreswan/libreswan/issues/1039 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libreswan. CVE-2023-30570[0]: | Incorrect aggressive mode interaction causes the pluto daemon to | crash If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-30570 https://www.cve.org/CVERecord?id=CVE-2023-30570 [1] https://github.com/libreswan/libreswan/issues/1039 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libreswan Source-Version: 4.10-2+deb12u1 Done: Daniel Kahn Gillmor We believe that the bug you reported is fixed in the latest version of libreswan, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1035...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor (supplier of updated libreswan package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 02 Jun 2023 18:15:28 -0400 Source: libreswan Architecture: source Version: 4.10-2+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Daniel Kahn Gillmor Changed-By: Daniel Kahn Gillmor Closes: 1035542 Changes: libreswan (4.10-2+deb12u1) bookworm; urgency=medium . * Fix CVE-2023-30570 (Closes: #1035542) Checksums-Sha1: 54c49e3096cbe059265bc664a6a0aafe176c45ad 2079 libreswan_4.10-2+deb12u1.dsc d588b3f3088a90b73ea94e908f1630ebab162319 17496 libreswan_4.10-2+deb12u1.debian.tar.xz 8eb33a453e45901e39433db13e22c1e3bb7de54f 11267 libreswan_4.10-2+deb12u1_amd64.buildinfo Checksums-Sha256: e62a43e675bff3fd107b497ad87b5754b26d8f978c4330be456c8a1eb679c52c 2079 libreswan_4.10-2+deb12u1.dsc cd143808f2a6495fd413479ae4dabfa97a8188d609c9462f0808728ca2ca1c2c 17496 libreswan_4.10-2+deb12u1.debian.tar.xz 172ee1fa13c04aa7933383256d08bcef9ab0ca3eec0438dd4541b955ea462c61 11267 libreswan_4.10-2+deb12u1_amd64.buildinfo Files: b5f3081895fd13e7b125ce5008618afa 2079 net optional libreswan_4.10-2+deb12u1.dsc 97a925f517ddc4d45216cb4c83a0e43b 17496 net optional libreswan_4.10-2+deb12u1.debian.tar.xz e9b26ec85d74df114173b9f164e4d1ed 11267 net optional libreswan_4.10-2+deb12u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCZHpyUQAKCRA+nXFzcd5W XAnXAP9fWuZynlrT3eICdXgs1Lq7wUgYSBs7E1pQfOZp025vFwD+OgteH3lQuDZ6 pbmCuUkxVSgawWz8IdrqNNH9ZLzKLAg= =saAl -END PGP SIGNATURE End Message ---
Bug#1035542: marked as done (libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash)
Your message dated Fri, 02 Jun 2023 22:22:12 + with message-id and subject line Bug#1035542: fixed in libreswan 4.11-1 has caused the Debian Bug report #1035542, regarding libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libreswan Version: 4.10-2 Severity: important Tags: security upstream Forwarded: https://github.com/libreswan/libreswan/issues/1039 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libreswan. CVE-2023-30570[0]: | Incorrect aggressive mode interaction causes the pluto daemon to | crash If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-30570 https://www.cve.org/CVERecord?id=CVE-2023-30570 [1] https://github.com/libreswan/libreswan/issues/1039 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libreswan Source-Version: 4.11-1 Done: Daniel Kahn Gillmor We believe that the bug you reported is fixed in the latest version of libreswan, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1035...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor (supplier of updated libreswan package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 02 Jun 2023 17:53:00 -0400 Source: libreswan Architecture: source Version: 4.11-1 Distribution: unstable Urgency: medium Maintainer: Daniel Kahn Gillmor Changed-By: Daniel Kahn Gillmor Closes: 1035542 Changes: libreswan (4.11-1) unstable; urgency=medium . * New upstream version - fixes CVE-2023-30570 (Closes: #1035542) Checksums-Sha1: 62267893a5e960e8d9e72d44bf6168198a5c228e 2028 libreswan_4.11-1.dsc d0ae16c8d96928be8865bd6c066e0e3922d25ee0 3711304 libreswan_4.11.orig.tar.gz a3ef5531fc8f709bab2147dcd51247c9333bff8c 862 libreswan_4.11.orig.tar.gz.asc e505b0c50d39c3c1488c0b4368292d9fdf92f410 15932 libreswan_4.11-1.debian.tar.xz 70bf9d544ce4acc2bd2893469c077871499c301e 11187 libreswan_4.11-1_amd64.buildinfo Checksums-Sha256: 3317a848b085a66a4263a69836527521172266427343254435f01984e9498b43 2028 libreswan_4.11-1.dsc 429a917fe4a55260f152cfb3188a587e5b12e94a14e240ac125319ff14b8c83d 3711304 libreswan_4.11.orig.tar.gz ea82e85c96d5838033d70d331f7644dd125e994cef66dd21d28a0481b91deb18 862 libreswan_4.11.orig.tar.gz.asc 04422a32e9dcea17bd2765f7c20c5a4eb9ab6e289baeb17081f4e9a410d4e27c 15932 libreswan_4.11-1.debian.tar.xz af2b6e4f3f973e9d5bb3f04704633506b3365caac1babc685ce5ccf580dfa2b0 11187 libreswan_4.11-1_amd64.buildinfo Files: 0ba635a448a866493d237072caf5b605 2028 net optional libreswan_4.11-1.dsc 1dc16f224c1664ae84574adede2d9507 3711304 net optional libreswan_4.11.orig.tar.gz efe269028801c5536172d11fc022ff43 862 net optional libreswan_4.11.orig.tar.gz.asc 5c59d76cd47d94f35358b6b5afbd63ab 15932 net optional libreswan_4.11-1.debian.tar.xz 7a9914091ee61c6af0039bafd0a56852 11187 net optional libreswan_4.11-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCZHpnwwAKCRA+nXFzcd5W XMRqAQDN5rRa2xFY+YMMt9kMUh1JK17qC7jpHVZFF/4SHGn9WQEA2t+l9BAPJG2N ge/3ELkzylMUKbqDAUwVQLyLwn21BwU= =QQ5c -END PGP SIGNATURE End Message ---
