Your message dated Mon, 17 Jun 2024 14:47:08 +0000
with message-id <e1sjddu-00hmfn...@fasolo.debian.org>
and subject line Bug#1072366: fixed in libndp 1.8-1+deb12u1
has caused the Debian Bug report #1072366,
regarding libndp: CVE-2024-5564
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1072366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libndp
Version: 1.8-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.6-1
Hi,
The following vulnerability was published for libndp.
CVE-2024-5564[0]:
| A vulnerability was found in libndp. This flaw allows a local
| malicious user to cause a buffer overflow in NetworkManager,
| triggered by sending a malformed IPv6 router advertisement packet.
| This issue occurred as libndp was not correctly validating the route
| length information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-5564
https://www.cve.org/CVERecord?id=CVE-2024-5564
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libndp
Source-Version: 1.8-1+deb12u1
Done: Florian Ernst <flor...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libndp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Florian Ernst <flor...@debian.org> (supplier of updated libndp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Jun 2024 07:34:43 +0200
Source: libndp
Architecture: source
Version: 1.8-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Florian Ernst <flor...@debian.org>
Changed-By: Florian Ernst <flor...@debian.org>
Closes: 1072366
Changes:
libndp (1.8-1+deb12u1) bookworm-security; urgency=medium
.
* add debian/patches/CVE-2024-5564.patch from upstream fixing CVE-2024-5564
(Closes: #1072366)
* d/gbp.conf: update for bookworm release
Checksums-Sha1:
446762f3367fdcf36a71d0aedc04f2df6350a364 2061 libndp_1.8-1+deb12u1.dsc
c3a63a27574a0af9a893a395a4916314bb596292 364669 libndp_1.8.orig.tar.gz
4b3b4dfae0e340afe117ad659d5e47e364f17cf3 5192
libndp_1.8-1+deb12u1.debian.tar.xz
815c0b19a5632d30477089799e5d1805c050346c 7322
libndp_1.8-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
f1d8c3e91963b63f22aec4371f5e676b8e090f2121fec6b76b3b303cb11d0d3b 2061
libndp_1.8-1+deb12u1.dsc
88ffb66ee2eb527f146f5c02f5ccbc38ba97d2b0d57eb46bfba488821ab0c02b 364669
libndp_1.8.orig.tar.gz
53ebb65352b36045d9c1d08e3b0f6c7d66172841a2e1cdeb8c680fd4103aeeaa 5192
libndp_1.8-1+deb12u1.debian.tar.xz
6722ed3bb70429d15201e7ce62f99c396f4788c72ab129336afc3ddcd6649e70 7322
libndp_1.8-1+deb12u1_amd64.buildinfo
Files:
6fa37bd8eddbdf367cd92529191d4bb1 2061 net optional libndp_1.8-1+deb12u1.dsc
c7e775fd5a9d676e8cba9c3732c4df93 364669 net optional libndp_1.8.orig.tar.gz
24cf4541d88a0e3f58782492364328c5 5192 net optional
libndp_1.8-1+deb12u1.debian.tar.xz
725e28cf046baeafe5fecb68848c2f89 7322 net optional
libndp_1.8-1+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBn03XtJwVyplJ26xBjdBuvXdHs4FAmZn6EcACgkQBjdBuvXd
Hs6t3hAAlEuBGh8fD9DJ7/CQGhGRRx23I15Prbo5MhAOh3VJd9xBJs/qFM4O7oMw
QftS064MMw3K5BDZkGZhFGS9zmxcN970aNLLPwK38HFDFaJke7hAtrYF6CpyU4d1
SCyCabq3tWMmQhj819oMz4AgUH3a+2uiE9rTPiZ2q8wVQB2Se8bBUr6vep7FrfC3
9Mi1AfB2li82yg6P8M666SgYfo8gsgsl4W5S4Jn+d0qj0SV+JeTmyWgu/ZwdccTB
zsurOI72DEDW2XU9Qvg135blsX+TuIMaCg23gfNnOFgBI9a2XxTjrMo2hkR6WFKe
N8lZAO4SDmFPY9gPgnMMZ61PixVkCN/wRbdtc+xcNDN6IiPvmFV7i7xK4wrd1FPN
2vDq7S+b1GFMWCHQH1N6CszmVqAZpseM4k7p/Ywgvdgr9mS2pwFVUBfkNkrvfJx8
5GH/gFJ4jlG33raFLd8qqTYVTbxmqSAN1ZMJZSiZs/ZllcXMpvM/LqHS4+jTgVE2
BD46yp5+IKI2TVbbLsH7UgAnd6CRpyxJYMBPEGu+MUclyesobRqSUjTTzDfw1Q8c
Bw4CHfZXo+ksqVZZ6hCs2zQ9axS3s6yfvKQAWnrVyoVgYUJyly3UnS0wNkehznEf
DKfGM7mhvDHtyqIrTesakOcU9qLL1qszkwgUNlp/gESn1TD0cMU=
=Z5He
-----END PGP SIGNATURE-----
pgprdNBraBTEG.pgp
Description: PGP signature
--- End Message ---
