Thanks. Yes, this addressed my issues. Every issue identified by your team exists in 3.4.4 code. I took over the maintenance of Tcpreplay starting at 4.0.0, and inherited these issues.
I agree that these issues are not serious. They are mostly brought on by invalid PCAP files, and I have not seen any that send uninitialized memory over the wire. I plan to get the 4.3 release out in before Nov 18. In the mean time, I’ll release one or two more betas so that my fixes can soak a little. Regards, Fred. > On Oct 20, 2018, at 11:31 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > > Hi Fredrick, > > [Disclaimer, not the Debian maintainer here for tcpreplay, who is > Christoph Biedl, only did report the issues downstream in the bug > tracker]. > > On Sat, Oct 20, 2018 at 02:42:30PM -0700, Fredrick Klassen wrote: >> Salvatore, >> >> I have been creating and testing fixes. I also have updated >> CHANGELOG a suggested below. Currently my fixes are in Beta. > > Ack, seen those already. > >> Can you tell me what "Please adjust the affected versions in the BTS >> as needed” means? Does that mean that I have to do something other >> than closing the bug in GitHub? > > No this was not meant for something to be done in the Github > repository, but here in the Debian specific tracking. I checked the > code of tcpreplay in the package version 4.2.6-1, and marked it as > found there (unless I missed something). That sentence is from a used > template, to indicate, please check time permitting as well the > current supported other versions for if the issue affects that suite. > Currently in Debian stretch there is 3.4.4-3, based on the upstream > 3.4.4 version with additional patches. > > These issues probably do not really warrant a so called DSA (Debian > Security Advisory), but still if affected could be fixed in a next > point release for stretch. > > Many thanks for your work, it is great if upstream maintainers/authors > have as well enought time to monitor downstream bugtracker for issues! > > Does this answers your question? > > Regards, > Salvatore
