Bug#1072366: libndp: CVE-2024-5564

2024-06-16 Thread Moritz Muehlenhoff
On Fri, Jun 14, 2024 at 07:30:46AM +0200, Florian Ernst wrote: > On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote: > > Thanks, these look good! Please upload to security-master, I'll take care > > of the DSA over the weekend. > > Thanks for verifying, thus just uploaded to securi

Bug#1072366: libndp: CVE-2024-5564

2024-06-13 Thread Florian Ernst
On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote: > Thanks, these look good! Please upload to security-master, I'll take care > of the DSA over the weekend. Thanks for verifying, thus just uploaded to security-master. And thanks in advance for taking care of the DSA. Cheers, Flo

Bug#1072366: libndp: CVE-2024-5564

2024-06-13 Thread Moritz Muehlenhoff
Hi Florian, > Please give those packages an additional check, and feel free to just > upload them when they indeed meet your requirements, or briefly ping me > back for me to upload them / possibly apply further changes, whatever > suits you best. Thanks, these look good! Please upload to securit

Bug#1072366: libndp: CVE-2024-5564

2024-06-10 Thread Florian Ernst
Hello Moritz, On Mon, Jun 10, 2024 at 01:56:16PM +0200, Moritz Muehlenhoff wrote: > It would be great if you could prepare updates for bullseye-security and > bookworm-security [1]. Please use 1.6-1+deb11u1 and 1.8-1+deb12u1 as the > respective version numbers. security.debian.org also has autopkg

Bug#1072366: libndp: CVE-2024-5564

2024-06-10 Thread Moritz Muehlenhoff
Hi Florian, On Mon, Jun 10, 2024 at 08:41:27AM +0200, Florian Ernst wrote: > Dear Security Team, > > On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote: > > [...] > > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564 > > https://www.cve.org/CVERecord?id=CVE-2024-

Bug#1072366: libndp: CVE-2024-5564

2024-06-09 Thread Florian Ernst
Dear Security Team, On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote: > [...] > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564 > https://www.cve.org/CVERecord?id=CVE-2024-5564 An updated package containing upstream's fix has just been uploaded and is waiting

Bug#1072366: libndp: CVE-2024-5564

2024-06-01 Thread Salvatore Bonaccorso
Source: libndp Version: 1.8-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.6-1 Hi, The following vulnerability was published for libndp. CVE-2024-5564[0]: | A vulnerability was found in libndp