Your message dated Sat, 30 May 2015 10:35:06 +0000 with message-id <e1yye6c-0004ue...@franck.debian.org> and subject line Bug#785778: fixed in ipsec-tools 1:0.7.3-12+deb6u1 has caused the Debian Bug report #785778, regarding ipsec-tools: CVE-2015-4047: null pointer dereference crash in racoon to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785778 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ipsec-tools Version: 1:0.8.0-14 Severity: grave Tags: security upstream Hi Marked as severity grave as this could lead to denial of service, see the following for details: http://www.openwall.com/lists/oss-security/2015/05/20/1 No CVE is assigned yet (will update the bug once assigned). Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ipsec-tools Source-Version: 1:0.7.3-12+deb6u1 We believe that the bug you reported is fixed in the latest version of ipsec-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ipsec-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 24 May 2015 19:28:09 +0200 Source: ipsec-tools Binary: ipsec-tools racoon Architecture: source amd64 Version: 1:0.7.3-12+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Stefan Bauer <stefan.ba...@cubewerk.de> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: ipsec-tools - IPsec tools for Linux racoon - IPsec IKE keying daemon Closes: 785778 Changes: ipsec-tools (1:0.7.3-12+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload. * Add bug785778-null-pointer-deref.patch patch. CVE-2015-4047: Fix NULL pointer dereference in racoon in gssapi.c leading to a possible crash and denial of service attack. (Closes: #785778) Checksums-Sha1: 5f52457e7eff9ad112a34a1ce660f23a222b8122 1792 ipsec-tools_0.7.3-12+deb6u1.dsc 5c3daa6a1592a54c384a328bd6981eb1a3f6b59a 51968 ipsec-tools_0.7.3-12+deb6u1.diff.gz 2291c6f0fc6d8b5946972f84100ccaddff5e4e29 86926 ipsec-tools_0.7.3-12+deb6u1_amd64.deb c4b657f80cdb80ecda22158b1fee75dc69f63415 410660 racoon_0.7.3-12+deb6u1_amd64.deb Checksums-Sha256: 937d8428fde9758466c9c8670a07044902299d75c1a447ad05c65a9468990310 1792 ipsec-tools_0.7.3-12+deb6u1.dsc 1491e942de594c513ac2c682d33cffd8904a9952f6fec381f1656da70999dba7 51968 ipsec-tools_0.7.3-12+deb6u1.diff.gz db3a474a559272ae17876553120a2e5367d0894ea01c0fe0872083cf0b381764 86926 ipsec-tools_0.7.3-12+deb6u1_amd64.deb d2ae4dce4490bda32a56b4157422235d97db3e24e189528613c7f9d42a2c6e67 410660 racoon_0.7.3-12+deb6u1_amd64.deb Files: 392822261152fa8237ec066efcb69259 1792 net extra ipsec-tools_0.7.3-12+deb6u1.dsc 88cfa32c42fc1c0dba8f9359e3caec0d 51968 net extra ipsec-tools_0.7.3-12+deb6u1.diff.gz 043ee1cfa1458e652be21edc2933c615 86926 net extra ipsec-tools_0.7.3-12+deb6u1_amd64.deb ebb992f10c8bd8c5a29cf244eaface3f 410660 net extra racoon_0.7.3-12+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVaY2tAAoJEAVMuPMTQ89EooAP/16nRF06aCYSuSjC/tBlS0k+ 7Uk8OyCT8HUCv9F6afLvKKK18XUZkZj55rpaeaxrTJ0tfMLM4il8MdRhxVoBZh5k 9lL937fzsI3NwCYGn5HYQF9+5eHDChW+xyS3vOLDJctQmnv4bNLkIHzbQOZKFxHz d4iCeIOFT0bZnMteplgb9v5s6pgote8IHvsr5Gju520SJKpBDskYIXjmuw53m5ep DE/N+0Qtl7QUf+5Oq0+Dw7pc0tB84aMXcUFK+v4f0JnM+ybP3rlQ1Ac9jtjcVDCw jiW8olT+9O2ebnfc8lpjmrTZb54up/rJtiZG1sruLox5598ZwQXGpFi4cHy/trOY 6qpDN+VO8uweEaEd6RKLS1N672aF0bAGrSTkucyFWvqfPAuPz1wlZZT/lC4x6EZs 7K/4RWwv0G5LVqCHK5fXV1UAXny4uqdAJKZpbItctnBu7imOEaLiA9xg4drlGo/Z 9qYs8NS/fTjmU4iMEciBZpsS1AJtoA4v8MvnXCHToXA25eF56HPv+GmjpYqJGrfF LWfquY/HwJKeLunUa54VCIq3QVEgMjlWDnqAmqayU7fSesyoKxr3k0hLepa+ixru 66Vnkw63yreWNR6ZNA7QG0QNHHlUMnCX+JNHGjjnl0tOtqFAW/CzxOJ+C8nPi49P f7Pz60F7Je7ZRx2kGMg/ =USA4 -----END PGP SIGNATURE-----
--- End Message ---
