Bug#985088: marked as done (CVE-2020-6098)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 17:48:26 +0000
with message-id <e1loofc-000io3...@fasolo.debian.org>
and subject line Bug#985088: fixed in freediameter 1.2.1-8
has caused the Debian Bug report #985088,
regarding CVE-2020-6098
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985088: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985088
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: freediameter
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Please see https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030

Possible fix:
http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
                

--- End Message ---

--- Begin Message ---

Source: freediameter
Source-Version: 1.2.1-8
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
freediameter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated freediameter 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Mar 2021 18:03:02 +0100
Source: freediameter
Architecture: source
Version: 1.2.1-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Mobcom Maintainers 
<debian-mobcom-maintain...@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Closes: 985088
Changes:
 freediameter (1.2.1-8) unstable; urgency=medium
 .
   * Team upload
   * CVE-2020-6098 (Closes: #985088)
     Anybody can send a specially crafted Diameter request, which triggers
     a memory corruption and thus results in a denial-of-service.
Checksums-Sha1:
 ebe6fa43b230de1364a4f9542bd19f816f14908b 2617 freediameter_1.2.1-8.dsc
 ccdc834197e38716f6fbe22f62daeb37bfa7af20 10872 
freediameter_1.2.1-8.debian.tar.xz
 a5e871b6776ff663db8896a20b7aa277ba69dfb2 10005 
freediameter_1.2.1-8_amd64.buildinfo
Checksums-Sha256:
 13ba3d1c9175a85680efd2ec23222fd9d398734c2855ed6309cd8ee90db120b0 2617 
freediameter_1.2.1-8.dsc
 5f28c5381004f6e6b86cc536c3a43e4813998e7bfedf1663addde42029778520 10872 
freediameter_1.2.1-8.debian.tar.xz
 bf50662e35a6ad77c250b1c3b2360e950313d76998a9ed0132c0f3b7c835d6b6 10005 
freediameter_1.2.1-8_amd64.buildinfo
Files:
 d5db6f043beae49b7f6907723bd8dab9 2617 libs optional freediameter_1.2.1-8.dsc
 3b911f8d71e797d7e43a375f59b8a4b1 10872 libs optional 
freediameter_1.2.1-8.debian.tar.xz
 d09f5a0181b382bc5fbaaab31f900b33 10005 libs optional 
freediameter_1.2.1-8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBY00JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR59hEACQTLirUFF81uoYfzhwD0COBpy6OnVg
xDckTchfeXfSpcFQCKVxT8drERqzLBfkGm6Zwt2VlSkqoLRp+YfuT4IUaskLWLqr
mGFbcQaaSRDFCzCKk81x0tDDT6BfvSaeSvkgMBfANfqD4HL5hJX9gmUW/ZVNQNuq
h4yzF5r9lueqDUdTjn8Vx5YMxPkqkCqJWY7VGbC2i8oysWpdVVLZNBp609TFp2j/
uHIxLyV/afBU6bxqxdvUzO+ifN1jkpB0rv+jzQHc5Fl+2Fb8AubsKkJaBTB4giDN
e4ejlqpXuvYwpqRF+pHsAMXmKLwVr4Km2CtXFZsMRoZOiE/T1b8XWUoAf0BH5ABf
HXLUl+5ehDCukWRR3sn0FWMYwZ5mblUyWxAUsmiOzYAFhEeQf8aLPVR1aeCJMZPR
xGTMCf6Xk7PiDLtAimRy7YCzosh9IPxgbZQpwm3Q5X+8ULPbUdkTgtEtnedJFDB2
mRDPohuor5N7MUREMy1mMwQeciwTm1m9Fvx/Xv6XoO+xP2rYyYGwTNUWY93Apg/Z
MYc+rKYxPG+/An5hw+VLPFpa7L6zgVguldwzKLJbQ3MA3fD/G96TKKpcqWiBoNLS
50KJQyQTx4k8ebekeTAoflym6ArALiVOd1JhEFVha7E8PR08HHkht5OfFs8yMf/v
wGuhna61dDvfRQ==
=NWln
-----END PGP SIGNATURE-----

--- End Message ---