Your message dated Thu, 04 Jul 2019 21:33:39 +0000 with message-id <e1hj9mj-000eed...@fasolo.debian.org> and subject line Bug#908614: fixed in bro 2.5.5-1+deb10u1 has caused the Debian Bug report #908614, regarding bro: CVE-2018-16807: memory leak in kerberos scripts to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 908614: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908614 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bro Version: 2.5-1 Severity: important Tags: patch security upstream Hi, The following vulnerability was published for bro. CVE-2018-16807[0]: | In Bro through 2.5.5, there is a memory leak potentially leading to DoS | in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16807 [1] https://github.com/bro/bro/commit/34d0cf886ca16c665f673a299e295b2a2bc14533 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bro Source-Version: 2.5.5-1+deb10u1 We believe that the bug you reported is fixed in the latest version of bro, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hilko Bengen <ben...@debian.org> (supplier of updated bro package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 25 Jun 2019 21:26:53 +0200 Source: bro Binary: bro bro-common Architecture: source Version: 2.5.5-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Hilko Bengen <ben...@debian.org> Changed-By: Hilko Bengen <ben...@debian.org> Description: bro - passive network traffic analyzer bro-common - passive network traffic analyzer -- architecture-independent part Closes: 908614 908779 Changes: bro (2.5.5-1+deb10u1) buster-security; urgency=medium . * Add patches for CVE-2018-16807, CVE-2018-17019 (Closes: #908614, #908779) Checksums-Sha1: b3c98421e1f40ea5e5798383d40ed3ad30bb28c7 2368 bro_2.5.5-1+deb10u1.dsc e831a443660cb53bd74fc6b2aa4223a243ad7cdc 15721952 bro_2.5.5.orig.tar.gz 2816f28e28007853742ef90313300c3eb7dc2783 801 bro_2.5.5.orig.tar.gz.asc 646a77679987fa9a3c4f0e76c917fb5cfec2a411 37532 bro_2.5.5-1+deb10u1.debian.tar.xz 01d19766b4c0f7d3fe5c4c57093ecbc081f43487 7855 bro_2.5.5-1+deb10u1_source.buildinfo Checksums-Sha256: 5ea818b445f8e67f9321c129b7d4337b49dfe372b5b55f61d086108ea4d29668 2368 bro_2.5.5-1+deb10u1.dsc ec0b287d5686ce2f3d529302e5eb6972299ae0b17a204a7e5ca1967d24104398 15721952 bro_2.5.5.orig.tar.gz 48d613dc4826e916cf63923eed73122152ab61277698d42f34577a71c56fa79a 801 bro_2.5.5.orig.tar.gz.asc 958e8f30e77dd087dda387c7b8d29a52f6b4fd6aa1b13fe57771e9bfbbba72f3 37532 bro_2.5.5-1+deb10u1.debian.tar.xz 607a2651d0d08d0bc56fae9d7285d6abe76600ec877fae3f17c646ac3752e7d2 7855 bro_2.5.5-1+deb10u1_source.buildinfo Files: bb325ffa9693fb7267d29f8273cb3939 2368 net optional bro_2.5.5-1+deb10u1.dsc 60df0fad1c2b4f0766e680888c4dfc10 15721952 net optional bro_2.5.5.orig.tar.gz 9ddca7a395d4454d7e86e975ef9433f9 801 net optional bro_2.5.5.orig.tar.gz.asc 03d7289740ef7e45a16a9a2a3e9b84ab 37532 net optional bro_2.5.5-1+deb10u1.debian.tar.xz 6dc374dc5bae6e8ec0e8749a625ab00c 7855 net optional bro_2.5.5-1+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAl0b09oACgkQdbcQY1wh On415w//UScuNV5jF17sBhH3b337b7U/crnOfmh09abxpSyXwI3KhossTnZxGaX9 Br1QV04NbUH9dHpu/RM40LPuC7pcSH9MsZIuACFMQyxBL7WeKhZUFVlBKkXjTSZt HSG/KgR8yk9zfIXR4IRy103dyhAANbANMlEShxRSgk8lFPUYmymCAk05PmcyEiud aw4ngHZzznR7AZd6eOFKMiAOaM/2RoS4+EZaruaRDL56++C4c9rVKElkvGku3ho6 uP/29PD4ShviNh/OqlbuKYk4AIKtTEmocI4AtQu6l0E2moveJ0QZ7Q95S4Mnq4Mj jqoH1lUSrY0pfj8umWM1+DXl20UgfQn6WZUHRgkruHqMMtxYnMvqweG82xkGkMWC TqNj5jbObkN6KHZBYkzzHJ7CxhgEbDGRcmLNIzk8NP+vA1z3IoyVS88iclaRWkmU /FtnHWpmBC3XFT2HiVRC9WfVHNyM/QE6vVFsfJEEZ7Dt+zcXu6Thek1LjcTCnjjv gnBgwRXCbhp99GCYKQmq1jEBll4M/cwxMSse7d9NscXNlQmdJwQ8a6JKUSsQooBE oxOaxZwgTUYZnwNTsbDHb0pA4B+RhHft8Z5CH/HIgsOSpm+DQv5iiuy7K5xcWdY6 qTWEsg4lG6znQf7BJWWqAWFNfTSZvxlSL7DXci40Z3a/RiOILCc= =xzsb -----END PGP SIGNATURE-----
--- End Message ---
