Your message dated Sat, 13 Sep 2014 19:04:40 +0000 with message-id <e1xssci-0001ex...@franck.debian.org> and subject line Bug#760990: fixed in ntopng 1.2.1+dfsg1-1 has caused the Debian Bug report #760990, regarding ntopng: Several vulnerabilities fixed upstream in 1.2.1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 760990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760990 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ntopng Severity: grave Tags: security upstream fixed-upstream Hi Ludovico, Marking this bugreport as grave, as more information seem a bit scarce, so was not able to identify the issues. There is an upstream report [1] which mentions several fixes were done in ntopng 1.2.1. [1] http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/ > Fixes for > - CVE-2014-5464 > - CVE-2014-4329 Strangely this was marked as fixed in 1.2.0+dfsg1-1 in the security tracker at [2]. Is this information correct? [2] https://security-tracker.debian.org/tracker/CVE-2014-4329 > - CVE-2014-5511, CVE-2014-5512, CVE-2014-5513, CVE-2014-5514, > CVE-2014-5515 No information referenced for these in the advisory. Could you have a look at them and also clarify if CVE-2014-4329 version information is wrong in the tracker? Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ntopng Source-Version: 1.2.1+dfsg1-1 We believe that the bug you reported is fixed in the latest version of ntopng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 760...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ludovico Cavedon <cave...@debian.org> (supplier of updated ntopng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Sep 2014 21:57:04 -0700 Source: ntopng Binary: ntopng ntopng-dbg ntopng-data Architecture: source amd64 all Version: 1.2.1+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Ludovico Cavedon <cave...@debian.org> Changed-By: Ludovico Cavedon <cave...@debian.org> Description: ntopng - High-Speed Web-based Traffic Analysis and Flow Collection Tool ntopng-data - High-Speed Web-based Traffic Analysis and Flow Collection Tool (d ntopng-dbg - High-Speed Web-based Traffic Analysis and Flow Collection Tool (d Closes: 760990 Changes: ntopng (1.2.1+dfsg1-1) unstable; urgency=medium . * Imported Upstream version 1.2.1+dfsg1 (Closes: #760990, CVE-2014-5464, CVE-2014-5511, CVE-2014-5512, CVE-2014-5513, CVE-2014-5514, CVE-2014-5515). * Remove patches merged upstream: build-flags.patch, libndpi-external.patch, manpage.patch, no-svn.patch, path-defaults.patch, remove-libs.patch, and rickshaw.patch. * Add no-librt.patch to avoid not needed linking against librt. * Fix typos in copyright and removed stanzas for removed files. Checksums-Sha1: d6e9a2a0918bf0d8d7d5b983261d6fb35ddc11f9 2184 ntopng_1.2.1+dfsg1-1.dsc a10e983e3557f6d17f770786a848b64645ed101c 1978757 ntopng_1.2.1+dfsg1.orig.tar.gz 4f9aa5677e1f3441b86a28a6130d18da07a02561 21328 ntopng_1.2.1+dfsg1-1.debian.tar.xz 7f67b503ff2d3919af4d02ceb9b30d30b2d1515a 167592 ntopng_1.2.1+dfsg1-1_amd64.deb 132390519d91f2a97d8a89d72555669cc84e7364 790786 ntopng-dbg_1.2.1+dfsg1-1_amd64.deb c0ee156effacead2ea80af2954420ccab46009a7 924170 ntopng-data_1.2.1+dfsg1-1_all.deb Checksums-Sha256: 92930138f717b6ee5d0707c3a24b026cb9e9977648f4f887e6914a96409a246b 2184 ntopng_1.2.1+dfsg1-1.dsc 0536e761ed7dfadd755bab25139742c26eb178de31a7df4a5eadf5d63e314b53 1978757 ntopng_1.2.1+dfsg1.orig.tar.gz b99af4cbb678dcef524f4c84facb59de59518c253635733ed67de95f5a7cbbd7 21328 ntopng_1.2.1+dfsg1-1.debian.tar.xz 4f2961dd26c99391a53acdcc070253aae90d06eee4b5b7723222a3b811c2eff9 167592 ntopng_1.2.1+dfsg1-1_amd64.deb 0ac83366fe77caeb9e166579313abb69a115c8081beeae9f4e08a47ae24f2a93 790786 ntopng-dbg_1.2.1+dfsg1-1_amd64.deb 02909cc7e79c011d024a6099d322e61241625818253338ed37d18f050666479f 924170 ntopng-data_1.2.1+dfsg1-1_all.deb Files: 53ef126b8dc90debc563644dee8077e5 167592 net extra ntopng_1.2.1+dfsg1-1_amd64.deb 3c77ed6bb51bd7ca2314ff004c826821 790786 debug extra ntopng-dbg_1.2.1+dfsg1-1_amd64.deb bcc236717def4c1cd61ea179a6ba3595 924170 net extra ntopng-data_1.2.1+dfsg1-1_all.deb 5f728ab1b008909dcdd16846b031553d 2184 net extra ntopng_1.2.1+dfsg1-1.dsc bb5b41ffa50f1bd00576c53f49299a47 1978757 net extra ntopng_1.2.1+dfsg1.orig.tar.gz d500bdcc6aeb43a04c786cf2b000fc1f 21328 net extra ntopng_1.2.1+dfsg1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUFJLKAAoJEBPAtWZ6OLCwwpQQAJEazvp50F9m9vKYF0lweMUE 9uXCqnv3dCvJo1EQxNohhUAwCMihCMCkbozhjXdZvj8X0sZHmU8BrmlKLbGnfFYm wjzgpot8qj8Qr/AIQ2t/+jTLdbPdfE/q2N6x11q95KfQAUDvxsAD2aixLaHrtoVR fRuRqTWnwkKUXZS8EGHrWDYhW8aWc8rTWR5MUEByhbHrva86L/IdCeMS19W0inep qMlROFQvkm4V5kruhHmtVbZY9hRxpElaUUoxCPCfNlSGLTk7Q9J+pWRXo2uXKuP2 rDYNtuLa6LsV3DyYSHgxp7a/jXZuRXm03SbBkdUFSBH3f6fT2oyAOdFOhwL05BaG MtpNBh7LR3rJYs8Nze0JKJaYgrB+ILtOafn+l+0jqaVzmQ4NeKtm776m6sQll+Xa Q59s6kMI/qGFydqFA1bAvk7zWnd3IaqaJgBviPt2B7Bc0XS0shfsiOHaXFXTQLPn fsd05OiScO2e0t7XJMC0L7Aiq24BCYy6vUBv5GM/YaFKs/cVJB2v1LDGPBVxs/U/ iM8rzPIdvNkBqlpQBxezNAqomTQrG2OS5nz9obMLpI/Y4zlBKsgfXbykmoe+kmg+ GscbelFO2JJbgFH3+3XYIHzU2amZ+Ch9WYEw7dvnjttqFDir77HV5yNBL9moAa1c vcukvo3nFQUmZrzJw2dX =XWCi -----END PGP SIGNATURE-----
--- End Message ---
