Your message dated Mon, 17 Jun 2024 14:47:38 +0000
with message-id <e1sjddy-00hmmo...@fasolo.debian.org>
and subject line Bug#1072366: fixed in libndp 1.6-1+deb11u1
has caused the Debian Bug report #1072366,
regarding libndp: CVE-2024-5564
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1072366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libndp
Version: 1.8-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.6-1
Hi,
The following vulnerability was published for libndp.
CVE-2024-5564[0]:
| A vulnerability was found in libndp. This flaw allows a local
| malicious user to cause a buffer overflow in NetworkManager,
| triggered by sending a malformed IPv6 router advertisement packet.
| This issue occurred as libndp was not correctly validating the route
| length information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-5564
https://www.cve.org/CVERecord?id=CVE-2024-5564
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libndp
Source-Version: 1.6-1+deb11u1
Done: Florian Ernst <flor...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libndp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Florian Ernst <flor...@debian.org> (supplier of updated libndp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Jun 2024 07:38:05 +0200
Source: libndp
Architecture: source
Version: 1.6-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Andrew Ayer <a...@andrewayer.name>
Changed-By: Florian Ernst <flor...@debian.org>
Closes: 1072366
Changes:
libndp (1.6-1+deb11u1) bullseye-security; urgency=medium
.
* add debian/patches/CVE-2024-5564.patch from upstream fixing CVE-2024-5564
(Closes: #1072366)
* d/gbp.conf: update for bullseye release
Checksums-Sha1:
0ee6b3fc099d2dae3289b5abe34babe432b91391 2083 libndp_1.6-1+deb11u1.dsc
300e63fcf69f6239dc6c5f82770437d5ffbc2dd4 364406 libndp_1.6.orig.tar.gz
936afe9993b64c40a49c8bcf0c3d6403f1da926e 3956
libndp_1.6-1+deb11u1.debian.tar.xz
5fd90b0748e90459e7e94585362467447918ca88 7029
libndp_1.6-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
7533ca6807defe92e09e60292236dd85affef10b63162c6be481e0202f591676 2083
libndp_1.6-1+deb11u1.dsc
0c7dfa84e013bd5e569ef2c6292a6f72cfaf14f4ff77a77425e52edc33ffac0e 364406
libndp_1.6.orig.tar.gz
424c67ad49cd27f71e1e534bf68fb3e17d0cc7f80f0dc415979c0e98e1bca1e3 3956
libndp_1.6-1+deb11u1.debian.tar.xz
9736c33929ba93caa98ed2bba537bdba40a505b49e801d24c2c20a3e3a3811c6 7029
libndp_1.6-1+deb11u1_amd64.buildinfo
Files:
bc6658ac4567b8b37c5dd617d5c441b4 2083 net optional libndp_1.6-1+deb11u1.dsc
1e54d26bcb4a4110bc3f90c5dd04f1a7 364406 net optional libndp_1.6.orig.tar.gz
65d454bbcb8b5990c41b4350c0eceda9 3956 net optional
libndp_1.6-1+deb11u1.debian.tar.xz
4f857f8c23544e3a4fb6a24b8e29bc00 7029 net optional
libndp_1.6-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBn03XtJwVyplJ26xBjdBuvXdHs4FAmZn6D0ACgkQBjdBuvXd
Hs7OkBAArYvlWcfIAi9NdLU6mAM3JUO7v3fsETpsKv/7VP2oDZ7d/7mfERdPT2Zj
Xt+jiMW3Qxrabj/ISGNS1XFrv5cb0lua21Z1YadEpYZtb9FV7etwprT4rj4qb9E7
8R1i9klq9Wi03tMNKUt3EsXcrA1lMqqlzoTzM1qN0pxG5aVI3uUfQ4n/T5XMhm8X
L4bQdp3y8V+M3rTJpcIIGwVZfyI6kGnQ99KZYgc8ApmU+O9wrB7BzxzeqDgU3PIv
pGSTr6HHI2nBlfL+hHtuwcU7aFZUkgELb/yBZK6j/X0tUGOnLMEFdiutV/Y7QXex
cRW21urSOXGx6UQyGLtLKPrhbefyO0GEb9NnUpYgLoK7YAUc1Cn3BHWC+q9XKWHf
2JKH/z5flw48Tw3oWfP9V29D5I+SgPEGFb+yrOSLUxHC3SKi6kC4zEaB3bbUeU79
vBuJ352loMgUbgFP2J+Hy/7gcUBkB52sYFN3zY2vT02tzgB3qoK13ZuHyVTX2wGo
ZpYOVbJqbsFBCHaIrl5s3QFNrGTGtLbjB8hB3vMiQVV8qgfl2OBMowG8InxNIzRN
vNgqEUJg7rxyfevL4WZNsySvYsbN3cQ/nkwJp5dbZQJ0MgnsP8hiI6eExr7uYpIJ
TSoArcVXX1RfCrM/j96nfoF9wrZb4GVXQJa8NVX/wlyH69G8+LU=
=tNbW
-----END PGP SIGNATURE-----
pgpT9Bj8V9tSZ.pgp
Description: PGP signature
--- End Message ---
