Your message dated Tue, 29 Sep 2009 05:47:18 +0000
with message-id <e1msvyu-0005wi...@ries.debian.org>
and subject line Bug#543312: fixed in ntop 3:3.3-12
has caused the Debian Bug report #543312,
regarding CVE-2009-2732: Basic Authentication Null Pointer Denial of Service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
543312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543312
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ntop
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ntop.

CVE-2009-2732[0]:
| The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
| allows remote attackers to cause a denial of service (NULL pointer
| dereference and daemon crash) via an Authorization HTTP header that
| lacks a : (colon) character in the base64-decoded string.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2732
    http://security-tracker.debian.net/tracker/CVE-2009-2732

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqSNzUACgkQNxpp46476aqaRwCePEnRlTpotXKtcCnxSRnqbSoX
imEAnRKiKt/JAzk57KKzHsAMFEo/v66K
=DhPT
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: ntop
Source-Version: 3:3.3-12

We believe that the bug you reported is fixed in the latest version of
ntop, which is due to be installed in the Debian FTP archive:

ntop_3.3-12.diff.gz
  to pool/main/n/ntop/ntop_3.3-12.diff.gz
ntop_3.3-12.dsc
  to pool/main/n/ntop/ntop_3.3-12.dsc
ntop_3.3-12_i386.deb
  to pool/main/n/ntop/ntop_3.3-12_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 543...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ola Lundqvist <o...@debian.org> (supplier of updated ntop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Sep 2009 09:20:27 +0200
Source: ntop
Binary: ntop
Architecture: source i386
Version: 3:3.3-12
Distribution: unstable
Urgency: low
Maintainer: Ola Lundqvist <o...@debian.org>
Changed-By: Ola Lundqvist <o...@debian.org>
Description: 
 ntop       - display network usage in web browser
Closes: 501754 527757 534779 543312
Changes: 
 ntop (3:3.3-12) unstable; urgency=low
 .
   * Correction for CVE-2009-2732. Closes: #543312.
   * Brazilian translation added. Closes: #501754.
   * Russian translation added. Closes: #534779.
   * Added autogen.sh -p to the clean target to make sure that the
     build works fine. Closes: #527757.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkrBnhoACgkQGKGxzw/lPdkD8gCfXC0uvL8g5cxZYNo6RG+lH4jI
xhAAnjJEnysjaFBhTH/EhcbBXqtyy938
=r24m
-----END PGP SIGNATURE-----



--- End Message ---
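
The CVE text quoted in the report describes a crash when the base64-decoded Authorization value contains no ':' separator. The following C sketch is an added example, not ntop's code and not the Debian patch; parse_basic_auth and its helpers are hypothetical names. It shows the defensive check for that input class: decode, look for the colon, and reject the request when it is absent.

```c
#include <string.h>

/* Map one base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 up to any padding into out (NUL-terminated); -1 on error. */
static int b64decode(const char *in, char *out, size_t outlen)
{
    unsigned acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0 || n + 1 >= outlen) return -1;   /* bad char or no room */
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (char)((acc >> bits) & 0xFF); }
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical helper, not ntop's checkHTTPpassword: split the value of an
 * Authorization header into user and password. Returns 0 on success and -1
 * on any malformed input, including decoded credentials without a ':'. */
int parse_basic_auth(const char *value, char *user, size_t ulen,
                     char *pass, size_t plen)
{
    char decoded[256];
    const char *colon;
    size_t n;
    if (!value || !user || !pass || strncmp(value, "Basic ", 6) != 0) return -1;
    if (b64decode(value + 6, decoded, sizeof decoded) < 0) return -1;
    colon = strchr(decoded, ':');
    if (colon == NULL) return -1;   /* no separator: reject, never dereference */
    n = (size_t)(colon - decoded);
    if (n >= ulen || strlen(colon + 1) >= plen) return -1;  /* would not fit */
    memcpy(user, decoded, n);
    user[n] = '\0';
    strcpy(pass, colon + 1);        /* length was checked on the line above */
    return 0;
}
```

A caller should treat -1 as a failed authentication and answer with 401 rather than continuing with unset user or password pointers.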
