Bug#1086154: marked as done (bookworm-pu: package tgt/1:1.0.85-1+deb12u1)

Sat, 09 Nov 2024 03:00:50 -0800 

Your message dated Sat, 09 Nov 2024 10:51:02 +0000
with message-id 
<b0a29248bc631362ed06a8879f93b8cdae5414d0.ca...@adam-barratt.org.uk>
and subject line Closing bugs released with 12.8
has caused the Debian Bug report #1086154,
regarding bookworm-pu: package tgt/1:1.0.85-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1086154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086154
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: t...@packages.debian.org, David Gstir <da...@sigma-star.at>, 
Richard Weinberger <rich...@sigma-star.at>, car...@debian.org
Control: affects -1 + src:tgt
User: release.debian....@packages.debian.org
Usertags: pu

Hi SRM,

tgt is affected in stable by CVE-2024-45751, but it is no-dsa. I did a
while back a NMU for unstable, preparing for this bookworm-pu update
as well. Given there are no issues reported with it in unstable, now
proposing as well the bookworm update.

Description is at 
https://security-tracker.debian.org/tracker/CVE-2024-45751
https://www.openwall.com/lists/oss-security/2024/09/07/2

|The user-space iSCSI target daemon of the Linux target framework (tgt)
|uses an insecure random number generator to generate CHAP
|authentication callenges. This results in predictable challenges which
|an attacker capable of recording network traffic between iSCSI target
|and initiator can abuse to bypass CHAP authentication by replaying
|previous responses.

The patch switches to a proper entropy source.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: release.debian.org
Version: 12.8

Hi,

Each of the updates tracked by these bugs was included in today's 12.8
bookworm point release.

Regards,

Adam

--- End Message ---

Reply via email to