Your message dated Sun, 24 May 2015 13:32:35 +0000 with message-id <e1yww15-0002pt...@franck.debian.org> and subject line Bug#785778: fixed in ipsec-tools 1:0.8.0-14+deb7u1 has caused the Debian Bug report #785778, regarding ipsec-tools: CVE-2015-4047: null pointer dereference crash in racoon to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785778 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ipsec-tools Version: 1:0.8.0-14 Severity: grave Tags: security upstream Hi Marked as severity grave as this could lead to denial of service, see the following for details: http://www.openwall.com/lists/oss-security/2015/05/20/1 No CVE is assigned yet (will update the bug once assigned). Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ipsec-tools Source-Version: 1:0.8.0-14+deb7u1 We believe that the bug you reported is fixed in the latest version of ipsec-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ipsec-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2015 08:05:50 +0200 Source: ipsec-tools Binary: ipsec-tools racoon Architecture: source amd64 Version: 1:0.8.0-14+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Matthew Grant <matthewgra...@gmail.com> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: ipsec-tools - IPsec utilities racoon - IPsec Internet Key Exchange daemon Closes: 785778 Changes: ipsec-tools (1:0.8.0-14+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add bug785778-null-pointer-deref.patch patch. CVE-2015-4047: Fix NULL pointer dereference in racoon in gssapi.c leading to a possible crash and denial of service attack. (Closes: #785778) Checksums-Sha1: 2fd0dbf067d47aa1ac94caa683812343e5586000 2051 ipsec-tools_0.8.0-14+deb7u1.dsc 2f8057f12cc8b0697fc0cc6826df1bccd2292291 1057292 ipsec-tools_0.8.0.orig.tar.gz 9cdbf36c6f91e48470b6af6cab6864abab2f9622 69081 ipsec-tools_0.8.0-14+deb7u1.debian.tar.gz 37afc0cf3243db2bcec675c2033691ab38efcaaa 103060 ipsec-tools_0.8.0-14+deb7u1_amd64.deb 34beced4df183a97d8c4def760c7cbb901e83de5 457602 racoon_0.8.0-14+deb7u1_amd64.deb Checksums-Sha256: c8b78d505a5be3282b5c9d0441537dd933a894b238a0ade59897967278f6c854 2051 ipsec-tools_0.8.0-14+deb7u1.dsc 985297bd91c73eeb83e60cea7b6404e12fc4d93b215ded8232a5c1c230332c4f 1057292 ipsec-tools_0.8.0.orig.tar.gz 6221bacdbbfbcd01e2a4a0493f6e38aa1ea2278808da522380035d06f43c5972 69081 ipsec-tools_0.8.0-14+deb7u1.debian.tar.gz 4246c486814fd8dca4b01cd082e8b2d7c1803e162755fe0e4dc835d7129383b9 103060 ipsec-tools_0.8.0-14+deb7u1_amd64.deb ba113f7295a6e2546804d2b3f519edb3bf3bde2aedf9b29f8f8cc8ea6ec20649 457602 racoon_0.8.0-14+deb7u1_amd64.deb Files: fb5cb35e145ec5d49b4e0c44f0ca8c1d 2051 net extra ipsec-tools_0.8.0-14+deb7u1.dsc c9a318cdbc0946f4e51464866d529739 1057292 net extra ipsec-tools_0.8.0.orig.tar.gz 0b2f25e5cb845afecf6550567102788e 69081 net extra ipsec-tools_0.8.0-14+deb7u1.debian.tar.gz 6b47a45ae0cf4ebf908b26a236d6806d 103060 net extra ipsec-tools_0.8.0-14+deb7u1_amd64.deb 5646804899ce8c67b849a4973a47d16b 457602 net extra racoon_0.8.0-14+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVXt+rAAoJEAVMuPMTQ89EiqcP/jmKD9vWxFYqH31jVydDTGZ5 F6v+sv01HtknERkq4+ZNgAHZ8dKUggEasoAEewm+XlDqHbLhE3XTkvRRRRSLkGRA 1ADrLDn0IMiqpUAxNbVDYR00K2f4CUUPTKPt2dMdwUfT3kQR3094QULtkwcT3ene VKh5/V55cfGx1fhgt1k/z58B2h9l3r0H0mLTWjJdLU3jTYocp+DsCE/N7+Q13X51 q44vXdV2ZnnaydLpk7albK040ZSX6oI66LIydzoW4THt3VA+fXr+lpRy973wPL27 Yb50Sk1awIKDV/qd4jGekfXAUWcTOW1HZ4j6AH0wwGojyTsEs4UzanzNoTLDnYgR NXufCa3xl1kNyT2unoS/kd3BEueaByUfhhMF0lDBz1e2DMJIBasbFB7O/iZblz1S +oK5s/bWiVdysb8YCsTWIQA9FtfIdxv34cHaKftlAu0YpJleIGsEMqZWdYyuVrBN YHhh/rfbJXgnpHRIPwZANYWkXjkmqkoRs1O1epdO/r1yXEyEKN7dLNyRY4k7AuMw BEoOm8V8BWAqsQkAmUYMaSdQoK18claOlR3XlpjjFrZQI31ZOzXe5MpgxflDJQPu d/6wW85OzZiihF6hx3kJ08/QPp2jSC/ngoHuL3J/AvK2ZQahh4uHm3yT9SIv12w/ qPEraCOz5x8+yFrKRKeH =jDyS -----END PGP SIGNATURE-----
--- End Message ---
