Your message dated Sun, 07 May 2023 21:33:46 +0000
with message-id <e1pvm0o-007q2r...@fasolo.debian.org>
and subject line Bug#1033752: fixed in sniproxy 0.6.0-2.1
has caused the Debian Bug report #1033752,
regarding sniproxy: CVE-2023-25076
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033752
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sniproxy
Version: 0.6.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sniproxy.

CVE-2023-25076[0]:
| A buffer overflow vulnerability exists in the handling of wildcard
| backend hosts of SNIProxy 0.6.0-2 and the master branch (commit:
| 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP,
| TLS or DTLS packet can lead to arbitrary code execution. An attacker
| could send a malicious packet to trigger this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-25076
    https://www.cve.org/CVERecord?id=CVE-2023-25076
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
[2] https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sniproxy
Source-Version: 0.6.0-2.1
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
sniproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated sniproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Apr 2023 19:03:02 +0200
Source: sniproxy
Architecture: source
Version: 0.6.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Jan Dittberner <ja...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Closes: 1033752
Changes:
 sniproxy (0.6.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-25076 (Closes: #1033752)
     fix buffer overflow while handling wildcard backend hosts

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
