Your message dated Fri, 03 Jul 2009 19:54:33 +0000
with message-id <e1mmoq9-00006p...@ries.debian.org>
and subject line Bug#528933: fixed in ipsec-tools 1:0.6.6-3.1etch3
has caused the Debian Bug report #528933,
regarding CVE-2009-1632: Multiple memory leaks in Ipsec-tools before 0.7.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
528933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipsec-tools
Version: 1:0.7.1-1.4
Severity: important
Tags: security patch


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2009-1632[0]:
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
| attackers to cause a denial of service (memory consumption) via
| vectors involving (1) signature verification during user
| authentication with X.509 certificates, related to the
| eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
| the NAT-Traversal (aka NAT-T) keepalive implementation, related to
| src/racoon/nattraversal.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For the moment I have set the severity only to important, because 1:0.7.1-1.4 needs to
migrate to testing and I don't know whether an RC bug could interfere with that.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
    http://security-tracker.debian.net/tracker/CVE-2009-1632
    http://marc.info/?l=oss-security&m=124101704828036&w=2

Patches:

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h




--- End Message ---
--- Begin Message ---
Source: ipsec-tools
Source-Version: 1:0.6.6-3.1etch3

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.6.6-3.1etch3.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
ipsec-tools_0.6.6-3.1etch3.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
ipsec-tools_0.6.6-3.1etch3_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
racoon_0.6.6-3.1etch3_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)



Format: 1.7
Date: Mon, 18 May 2009 20:07:02 +0000
Source: ipsec-tools
Binary: racoon ipsec-tools
Architecture: source amd64
Version: 1:0.6.6-3.1etch3
Distribution: oldstable-security
Urgency: high
Maintainer: Ganesan Rajagopal <rgane...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 528933
Changes: 
 ipsec-tools (1:0.6.6-3.1etch3) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple memory leaks in the NAT traversal and RSA authentication
     code of racoon leading to DoS (CVE-2009-1632; Closes: #528933).




--- End Message ---