Your message dated Sat, 27 Jun 2009 16:04:28 +0000
with message-id <e1mkaoc-00013e...@ries.debian.org>
and subject line Bug#528933: fixed in ipsec-tools 1:0.7.1-1.3+lenny2
has caused the Debian Bug report #528933,
regarding CVE-2009-1632: Multiple memory leaks in Ipsec-tools before 0.7.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
528933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipsec-tools
Version: 1:0.7.1-1.4
Severity: important
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2009-1632[0]:
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
| attackers to cause a denial of service (memory consumption) via
| vectors involving (1) signature verification during user
| authentication with X.509 certificates, related to the
| eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
| the NAT-Traversal (aka NAT-T) keepalive implementation, related to
| src/racoon/nattraversal.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For the moment I set the severity only to important, because 1:0.7.1-1.4 needs to
migrate to testing and I don't know if an RC bug could interfere.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
    http://security-tracker.debian.net/tracker/CVE-2009-1632
    http://marc.info/?l=oss-security&m=124101704828036&w=2

Patches:

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoOwQkACgkQNxpp46476apwggCeOsGCHxZDseuTaVSqy8cxcXRa
SJgAn2CKMUqdfUBs9y30R2puUlh2fwpu
=oQ8G
-----END PGP SIGNATURE-----



--- End Message ---
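The CVE text in the report above describes allocations that are never released on the error paths of racoon's X.509 signature check and NAT-T keepalive handling, which lets an unauthenticated peer drive the daemon's memory up one failed request at a time. What follows is an added illustration written for this page; it is not code from ipsec-tools or from the NetBSD patches linked above. `verify_leaky`, `verify_fixed`, `load_key`, `check_sig`, the DER-tag check and the counting allocator are all hypothetical stand-ins for the OpenSSL objects and calls a real routine would use. It shows the leaky shape beside the single-exit fixed shape and how a tracked allocator turns the leak into a failing unit test rather than a production outage.

```c
/* Added illustration (not racoon's own code): an error-path memory leak in a
 * per-request verification routine, its fixed form, and a counting allocator
 * that exposes the leak in a test. All names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-request context, standing in for the X509 / EVP_PKEY
 * objects a real certificate check would hold. */
struct verify_ctx {
    unsigned char key[32];
    int           loaded;
};

/* Tracked allocator: counts live allocations so a test can detect leaks. */
static long live_allocs = 0;

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { live_allocs--; free(p); }
}

long outstanding_allocations(void) { return live_allocs; }

/* Constructed stand-in for "load the peer's public key from a certificate":
 * succeeds only if the blob starts with a DER SEQUENCE tag (0x30). */
static int load_key(struct verify_ctx *ctx, const unsigned char *cert, size_t len) {
    if (len < 1 || cert[0] != 0x30)
        return -1;
    memset(ctx->key, 0xAB, sizeof ctx->key);
    ctx->loaded = 1;
    return 0;
}

/* Constructed stand-in for a signature check: a one-byte signature must
 * equal the first key byte. */
static int check_sig(const struct verify_ctx *ctx, const unsigned char *sig, size_t siglen) {
    return (siglen == 1 && sig[0] == ctx->key[0]) ? 0 : -1;
}

/* LEAKY shape: each early return skips the free, so only the success path
 * releases the context. A peer sending malformed certificates or bad
 * signatures costs the daemon one context per attempt. */
int verify_leaky(const unsigned char *cert, size_t certlen,
                 const unsigned char *sig, size_t siglen) {
    struct verify_ctx *ctx = tracked_alloc(sizeof *ctx);
    if (!ctx) return -1;
    if (load_key(ctx, cert, certlen) != 0)
        return -1;                         /* leak: ctx is never freed */
    if (check_sig(ctx, sig, siglen) != 0)
        return -1;                         /* leak again */
    tracked_free(ctx);
    return 0;
}

/* FIXED shape: a single exit point, so every path, success or failure,
 * releases the context. */
int verify_fixed(const unsigned char *cert, size_t certlen,
                 const unsigned char *sig, size_t siglen) {
    int rc = -1;
    struct verify_ctx *ctx = tracked_alloc(sizeof *ctx);
    if (!ctx) return -1;
    if (load_key(ctx, cert, certlen) != 0)
        goto out;
    if (check_sig(ctx, sig, siglen) != 0)
        goto out;
    rc = 0;
out:
    tracked_free(ctx);
    return rc;
}

/* Drive a verifier with `attempts` rejected requests and report how many
 * contexts are still live afterwards. A non-zero result is the leak. */
long leaked_after_bad_requests(int (*verify)(const unsigned char *, size_t,
                                             const unsigned char *, size_t),
                               int attempts) {
    const unsigned char bad_cert[] = { 0xFF };   /* constructed: wrong tag */
    const unsigned char sig[] = { 0x00 };
    long before = live_allocs;
    for (int i = 0; i < attempts; i++)
        verify(bad_cert, sizeof bad_cert, sig, sizeof sig);
    return live_allocs - before;
}

int main(void) {
    printf("leaky: %ld contexts live after 1000 rejected requests\n",
           leaked_after_bad_requests(verify_leaky, 1000));
    printf("fixed: %ld contexts live after 1000 rejected requests\n",
           leaked_after_bad_requests(verify_fixed, 1000));
    return 0;
}
```

The counting allocator is the cheap version of what a leak checker such as valgrind or an ASan `detect_leaks` run reports; the point of wiring it into a test is that the leak shows up as a failed assertion on the rejected-request path, which is exactly the path a fuzzer or a hostile peer exercises most.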
--- Begin Message ---
Source: ipsec-tools
Source-Version: 1:0.7.1-1.3+lenny2

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.7.1-1.3+lenny2.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
ipsec-tools_0.7.1-1.3+lenny2.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
racoon_0.7.1-1.3+lenny2_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 18 May 2009 20:03:50 +0000
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.3+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Ganesan Rajagopal <rgane...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 528933
Changes: 
 ipsec-tools (1:0.7.1-1.3+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple memory leaks in NAT traversal and RSA authentication
     code of racoon leading to DoS (CVE-2009-1632; Closes: #528933).
Checksums-Sha1: 
 3775ab19c1f7d511941f6248f1f47b729d223c4c 1144 ipsec-tools_0.7.1-1.3+lenny2.dsc
 529f049642cbf2decb8d07a5b279f25e3c02b589 1039057 ipsec-tools_0.7.1.orig.tar.gz
 e1bbe3881d011bd8d29f5532c3d534daec0847c9 49472 ipsec-tools_0.7.1-1.3+lenny2.diff.gz
 f65a034de3ffb97e8100e9e04749586c07dea8d5 104612 ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
 f61f13bb557d590d59bbab15d1e913d37b20622b 409514 racoon_0.7.1-1.3+lenny2_amd64.deb
Checksums-Sha256: 
 1e60a4b9395b009dfa31c558d32782cdc3f0b379818cb07988eb6f5701284617 1144 ipsec-tools_0.7.1-1.3+lenny2.dsc
 69c95651a0851cdfba0887020c1bd33c07ac7f2dd250e09153d6da983f02c2b3 1039057 ipsec-tools_0.7.1.orig.tar.gz
 3839173be8419112e0764df68bf0e7601576680277f0cddfe5fe5d079098fa49 49472 ipsec-tools_0.7.1-1.3+lenny2.diff.gz
 cb1614f141ef9e2fdad05829cddb51d41d8a3e4ddc9af155f5c298a113c3218f 104612 ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
 3004d07723fc02b96e3607948619d319c550badf00a1fea08f3e3a70503d9b9f 409514 racoon_0.7.1-1.3+lenny2_amd64.deb
Files: 
 46d3f28156ee183512a451588ef414e4 1144 net extra ipsec-tools_0.7.1-1.3+lenny2.dsc
 ddff5ec5a06b804ca23dc41268368853 1039057 net extra ipsec-tools_0.7.1.orig.tar.gz
 4bc8ba2bd520a7514f2c33021c64e8ce 49472 net extra ipsec-tools_0.7.1-1.3+lenny2.diff.gz
 9ec93c697cf64232728d0dd5658efac8 104612 net extra ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
 a421f12270f5b22639d67be8d2cc8b4e 409514 net extra racoon_0.7.1-1.3+lenny2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoRwNUACgkQHYflSXNkfP9jeACgkZndrg3KwC5Q53uelYxj6mmU
GhMAn3qnyzakP6fhXh7arog76i6b2Ri/
=RLdK
-----END PGP SIGNATURE-----



--- End Message ---