Your message dated Fri, 15 May 2020 16:02:16 +0000
with message-id <e1jzcmu-000ia0...@fasolo.debian.org>
and subject line Bug#960458: fixed in libreswan 3.27-6+deb10u1
has caused the Debian Bug report #960458,
regarding libreswan: CVE-2020-1763
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
960458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libreswan
Version: 3.29-2
Severity: important
Tags: security upstream
Control: found -1 3.27-6

Hi,

The following vulnerability was published for libreswan.

CVE-2020-1763[0]:
| An out-of-bounds buffer read flaw was found in the pluto daemon of
| libreswan from versions 3.27 till 3.31 where, an unauthenticated
| attacker could use this flaw to crash libreswan by sending specially-
| crafted IKEv1 Informational Exchange packets. The daemon respawns
| after the crash.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1763
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763
[1] https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libreswan
Source-Version: 3.27-6+deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libreswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 960...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libreswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2020 05:33:51 +0200
Source: libreswan
Architecture: source
Version: 3.27-6+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 960458
Changes:
 libreswan (3.27-6+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * DoS attack via malicious IKEv1 informational exchange message
     (CVE-2020-1763) (Closes: #960458)


--- End Message ---
