Your message dated Thu, 23 Aug 2007 16:53:58 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#439227: CVE-2007-4461: bypass filtering due to out of
period transmission time
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nufw
Severity: serious
Tags: security
Hi,
A security issue has been reported against your package nufw:
> NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers
> to bypass time-based packet filtering rules via certain "out of period"
> choices of packet transmission time.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4461
It seems the new upstream 2.2.4 fixes this.
Please mention the CVE id in the changelog when fixing this.
Also please check whether stable is vulnerable and coordinate
with the security team.
Thanks,
Thijs
pgpCoF5l1RDxv.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: nufw
Version: 2.2.4-1
Stable is not vulnerable, and fixed version was uploaded to unstable
before the CVE was created (.changes attached).
Thanks,
Pierre
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 20 Aug 2007 23:18:37 +0200
Source: nufw
Binary: nuauth-log-pgsql nuauth-extra nufw nutcpc nuauth-log-mysql nuauth
nuauth-utils libpam-nufw libnuclient3
Architecture: source all amd64
Version: 2.2.4-1
Distribution: unstable
Urgency: low
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Pierre Chifflier <[EMAIL PROTECTED]>
Description:
libnuclient3 - client library for nufw authentication
libpam-nufw - Pluggable Authentication module for nufw authentication
nuauth - The authentication daemon from the nufw package
nuauth-extra - The authentication daemon from the nufw package
nuauth-log-mysql - Module for nuauth logging into mysql databases
nuauth-log-pgsql - Module for nuauth logging into PostgreSQL databases
nuauth-utils - Set of tools useful to nuauth admin
nufw - a per-user firewalling daemon that interferes with libipq
nutcpc - a linux client for the nufw authentication gateway system
Changes:
nufw (2.2.4-1) unstable; urgency=low
.
* New upstream release
* Add nuauth-command script to nuauth-utils
* Use python-support for nuauth-utils
* Update nuauth-utils dependencies
Files:
1aef8a83ff191a1abe29b0ef76916419 987 net optional nufw_2.2.4-1.dsc
ff25e2670ac12481ebcc2ef71a0ba981 1111574 net optional nufw_2.2.4.orig.tar.gz
dcae1a2c6921002f9e5b68650416caaa 3189 net optional nufw_2.2.4-1.diff.gz
d166cf8814251a458ee3956b934b010b 37722 net optional nufw_2.2.4-1_amd64.deb
0694f9e8494ebd21503af2af7738bc37 159742 net optional nuauth_2.2.4-1_amd64.deb
7f0cf77400a3ca116b240b859f6419e0 25342 net optional nutcpc_2.2.4-1_amd64.deb
78900167cf1cb313ad235b9a09e6ebdc 36686 net optional
libnuclient3_2.2.4-1_amd64.deb
7e02e65b8c8e51a3e1775bfc5804335d 18088 net optional
nuauth-extra_2.2.4-1_amd64.deb
bd623da378bfd514ce9cef3ff58a76b2 31248 net optional
nuauth-log-mysql_2.2.4-1_amd64.deb
48d71aeed52c573b9475c4a3eaf325a5 26836 net optional
nuauth-log-pgsql_2.2.4-1_amd64.deb
4c01c921c6b58af3d149afa753f8db60 21804 net optional
libpam-nufw_2.2.4-1_amd64.deb
21b71334e2594f1c7de944f83fc7cc22 31162 net optional
nuauth-utils_2.2.4-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGygWwtwVrWo1fQMsRAmlmAKDnFXgJ5UvyAvJ0kSwj0+DDUhU+EACfXgoS
W93Eu3itNBZH9fti3LoBN9I=
=FGrV
-----END PGP SIGNATURE-----
--- End Message ---
