Your message dated Wed, 10 Feb 2021 22:33:33 +0000 with message-id <e1l9y3b-0006h8...@fasolo.debian.org> and subject line Bug#982493: fixed in openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 has caused the Debian Bug report #982493, regarding openvswitch: CVE-2020-35498 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 982493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openvswitch Version: 2.15.0~git20210104.def6eb1ea+dfsg1-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.10.6+ds1-0+deb10u1 Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2 Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12 Hi, The following vulnerability was published for openvswitch. CVE-2020-35498[0]: | Packet parsing vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-35498 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35498 [1] https://www.openwall.com/lists/oss-security/2021/02/10/4 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: openvswitch Source-Version: 2.15.0~git20210104.def6eb1ea+dfsg1-5 Done: Thomas Goirand <z...@debian.org> We believe that the bug you reported is fixed in the latest version of openvswitch, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 982...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated openvswitch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 10 Feb 2021 22:59:35 +0100 Source: openvswitch Architecture: source Version: 2.15.0~git20210104.def6eb1ea+dfsg1-5 Distribution: unstable Urgency: high Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Thomas Goirand <z...@debian.org> Closes: 982493 Changes: openvswitch (2.15.0~git20210104.def6eb1ea+dfsg1-5) unstable; urgency=high . * CVE-2020-35498: Packet parsing vulnerability. Applied upstream patch: flow: Support extra padding length.patch (Closes: #982493). Checksums-Sha1: 0dd8d36345cdffd06b6980875e86b157ada9e9d1 3316 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.dsc b0436e44a21263978d875af871a5deb18632fa1f 53420 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.debian.tar.xz 6a7dbfac78d66690e2a4e2052bb0a15e424297c3 20160 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5_amd64.buildinfo Checksums-Sha256: 6575999f2951f0886aab18b5820f3a03154c4d507b5454f9017102259b4381c1 3316 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.dsc 595a16f940134d9d9068d3d98d63170c5dc300ca0912473169ec3193291fad4b 53420 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.debian.tar.xz 9eaa124c1eb1edf519c25726711774c6fc545fc262869976d34b6be9d97b7b6b 20160 openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5_amd64.buildinfo Files: 41deb3766fd506d15b72d0d5c2ea64c2 3316 net optional openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.dsc 09dcd7b6fa76de2bd785e20b73059185 53420 net optional openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5.debian.tar.xz 785149532fb8be4bd88ff307a2a7068d 20160 net optional openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmAkWk4ACgkQ1BatFaxr Q/6x5A/+P5B0LEPT706iXTcbJHvjTCPIfv9+P4V/BRkHWU7E34V7oubhPRVYf73H hw1CYDBwUaLq2x9pmuqbKRnHzvFLxuaBeCCpDvJvX5MWYzqr+ttzY/zvOmZFj1if gSa2N1K6BOxhop9XWXudC8ok/WtdLj/MHbNbOuCEtggdiqF8qZoDjMIsIijKIJcx FUgL0XghT7nWZVwjZbHIouz5fPqTsQYDOvX+hrR7cJMgeOlwXNqAgWJ/qtJ02Mpg JOmWNZhKQrzThyAxqwxmSD5Uayj1cQELzqARMsvF2N/fxGh1C1R6T5r7VeV6yTMS nfPKSTw9h9mhb8OJOe1HBzfXb9r9VHzuEbQe0k3ohXV5nQSubI8aXL8gTF1OUccn DNfeb2SCUc7PjokaxcEzoR3+vxm0I6gQt20sEXI9W1Bb/DOxspJqcBv/wbTNRfMS kuwD40QvKWXdFK/AeyD9do/ElB8ckgAxy+Ols5kF5IlipbLgbkosKPXqd8jYYWo2 PKrqcQPg5jrJVYyZqksVnIDw5cIrhiov507CWcVS+o5OAksEWgp4SAEJ+q7OLkOm BO50lIHNN1padCM0/SrHD8Ql47I4CDkZOeCsJERhsxFFJhOo5tuba/2b2dqJy2Dq OeuHKzdV8uHLxV3DhfQx5wtoQWfqX21jzHYc3tZceGTuIJniF/k= =PsKe -----END PGP SIGNATURE-----
--- End Message ---
