Your message dated Sun, 29 May 2022 08:35:32 +0000
with message-id <[email protected]>
and subject line Bug#1003190: fixed in tcpslice 1.5-1
has caused the Debian Bug report #1003190,
regarding tcpslice: CVE-2021-41043: use-after-free in extract_slice()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1003190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003190
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcpslice
Version: 1.3-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/the-tcpdump-group/tcpslice/issues/11
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tcpslice.

CVE-2021-41043[0]:
| Use after free in tcpslice triggers AddressSanitizer, no other
| confirmed impact.

The impact is not confirmed to be exploitable TTBOMK so far, but the
severity is choosen as better safe than sorry afterwards. Can you
update tcpslice first in unstable? Possibly ideally directly to 1.5
containing other fixes.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41043
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41043
[1] https://github.com/the-tcpdump-group/tcpslice/issues/11
[2] 
https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tcpslice
Source-Version: 1.5-1
Done: Bruno Naibert de Campos <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tcpslice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bruno Naibert de Campos <[email protected]> (supplier of updated tcpslice 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 May 2022 20:56:55 -0300
Source: tcpslice
Architecture: source
Version: 1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Bruno Naibert de Campos <[email protected]>
Changed-By: Bruno Naibert de Campos <[email protected]>
Closes: 1003190
Changes:
 tcpslice (1.5-1) unstable; urgency=medium
 .
   * New upstream version 1.5. (includes a fix for CVE-2021-41043)
     (Closes: #1003190)
   * Enable GPG-checking of orig tarball.
     - debian/upstream/signing-key.asc: upstream public key.
     - debian/watch:
         ~ Add "pgpmode=auto" as an option.
         ~ Changed the URL.
   * debian/control:
       - Added libnids-dev and libosip2-dev to Build-Depends field.
       - Bumped Standards-Version to 4.6.0.
   * debian/copyright:
       - Added licensing for diag-control.h file.
       - Updated the packaging and upstream copyright years.
   * debian/docs: changed from README to README.md.
   * debian/patches: removed. The upstream fixed the source code. Thanks.
   * debian/upstream/metadata: fixed spelling error.
Checksums-Sha1:
 5e316072ff73c389f7232a5f46d3806360f2ca9c 1992 tcpslice_1.5-1.dsc
 37573df884edbd9c8bc123124f3ef1ea874d6d16 136597 tcpslice_1.5.orig.tar.gz
 56f9a573fa908d4db4c098fae9bf9fab6ad347b8 667 tcpslice_1.5.orig.tar.gz.asc
 f926a0a7ad314e751dcdb8effcf0fa0ce11dc772 6108 tcpslice_1.5-1.debian.tar.xz
 1ef0a653b9bfdf1def40bda92a9a348975208928 5413 tcpslice_1.5-1_source.buildinfo
Checksums-Sha256:
 cdbb7e4c130ee88042d088b972a9899101ee491cce9cf08ef1cf7aa4d9ed9a03 1992 
tcpslice_1.5-1.dsc
 f6935e3e7ca00ef50c515d062fddd410868467ec5b6d8f2eca12066f8d91dda2 136597 
tcpslice_1.5.orig.tar.gz
 b3568bd486c89f6c334f0139170e9ffa25995d6a923fe9c77aa71b0b43c52438 667 
tcpslice_1.5.orig.tar.gz.asc
 12bc9a0f38a601dba96f5feecbc9a3345611348ed0cebc740d747cc63ef1344e 6108 
tcpslice_1.5-1.debian.tar.xz
 4039af3ff1c6903781108dceabaa746b7018626780613bc65cc29a197eb6c9ce 5413 
tcpslice_1.5-1_source.buildinfo
Files:
 bc03c2d1f5ed5875731225605d9249ea 1992 net optional tcpslice_1.5-1.dsc
 8907e60376e629f6e6ce2255988aaf47 136597 net optional tcpslice_1.5.orig.tar.gz
 01f66966d2afa86774c7ef983a3a93a4 667 net optional tcpslice_1.5.orig.tar.gz.asc
 fb7bca07b1d6cac91544b204bd9fe76b 6108 net optional tcpslice_1.5-1.debian.tar.xz
 510c5c7a5ae0c59fb82e01ef4cd80b82 5413 net optional 
tcpslice_1.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmKTLEYQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFKTVDADVVMoc4AOPKYmv7txTRY4xHi8/6OZIfsT0
WgVy3eZdJTsjHeoBNKtpWDPFjQwr3t3NqZ4Fa+egyPiUnlyW1wmIspaElZkGi1bM
lXeMEGNaumzOcM9T5BKxJQ+JAqYc8PjBEBS8w2Ie11faDDEi5lTtPBWKhYSLinmM
RdTiYsyPfDlQvx9HKNSBjD3q0J2QYipjphZBbLMkJJUCHmcxrfLc03WzJE+8pbru
VeDlgsnt5dMXooS95sUA0LU/fDLgfQuu/SrDH386HGSUdz0X+CodfiJsenyaqrdb
7PcyNpi4DITvuzS/VJCp0PGwnScnohyGEZK5fswiBkdPEHUwRjJZICxBo2wLSXuU
3f6+YjbX36R7nAFh7eoQ8G+BKGr/LmS19j9xzYzMEacc4pEXucC7PV5tk5Ji72kV
/I7gTgZE+7QtZHrl0ndrlN7wy6GcHE/yvVimSrirLvu8z3IxM57XvbcaW3yCKZWk
Cb40ql1Gr/yE+Bw0gR91NBD+h9ucCRs=
=l0I9
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to