Your message dated Thu, 04 Jul 2024 14:50:06 +0000
with message-id <e1spnmg-002o2m...@fasolo.debian.org>
and subject line Bug#1072789: fixed in netplan.io 1.0.1-1
has caused the Debian Bug report #1072789,
regarding netplan.io: CVE-2022-4968
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1072789: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: netplan.io
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netplan.io.
CVE-2022-4968[0]:
| netplan leaks the private key of wireguard to local users. A
| security fix will be released soon.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-4968
https://www.cve.org/CVERecord?id=CVE-2022-4968
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: netplan.io
Source-Version: 1.0.1-1
Done: Lukas Märdian <sl...@debian.org>
We believe that the bug you reported is fixed in the latest version of
netplan.io, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lukas Märdian <sl...@debian.org> (supplier of updated netplan.io package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Jul 2024 15:22:20 +0200
Source: netplan.io
Built-For-Profiles: noudeb
Architecture: source
Version: 1.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Netplan Maintainers <team+netp...@tracker.debian.org>
Changed-By: Lukas Märdian <sl...@debian.org>
Closes: 1072789
Launchpad-Bugs-Fixed: 1987842 2020409 2051939 2055148 2065738 2066258 2071363
2071652
Changes:
netplan.io (1.0.1-1) unstable; urgency=medium
.
* New upstream release: 1.0.1:
- sriov: accept setting the eswitch mode without VFs (LP: #2020409)
- cli/sriov: refactoring
- tests: use proper 0o600 file permissions in more places
- doc: Adding missing 'watchfiles' dependency for Sphinx
- doc: Minor fixes in lang. and mark-up in YAML reference
- doc: Tutorial reorg & lang. + formatting improvements
- networkd: add wait-online enumeration utils
- generate: enable systemd-networkd-wait-online for non-optional interfaces
- CLI:utils: Do not ask for daemon-reload password interactively
- CLI:generate: call daemon-reload after (re-)generating services
- wait-online: Do not block on loopback interface
- generate: Do not touch wait-online, if we don't have any networkd NetDefs
- wait-online: wait for existing interfaces only and downgrade operational
state for interfaces without IP configuration
- wait-online: account for DHCPv4/v6 addresses
- wait-online: do not require virtual devices to be created already
- wait-online: recognize that bridge/bond members will never gain
link-local addresses
- networkd:apply: Drop handling of legacy wpa@ instance units
- wait-online: disabled wait-online for stable 1.0
- test:integration: Try to improve test flakyness
- autopkgtest: More fixes for flaky 'ethernets' test
- Increase some test timeouts to account for slow (riscv64) buildds
SECURITY UPDATE:
- libnetplan: use more restrictive file permissions
(Closes: #1072789, LP: #2065738, LP: #1987842)
- CVE-2022-4968
- libnetplan: escape control characters
- backends: escape file paths
- backends: escape semicolons in service units (LP: #2066258)
Bug fixes:
- cli: Fix logging setup when python-rich is not present
- CI: fix DebCI case for no-change rebuilds
- CI: adopt autopkgtest for 1.0-1 on 22.04
- doc: Update README, move CODE_OF_CONDUCT
- doc: fix en_GB spelling
- CI: adopt snapd.patch for autopkgtest SRU (LP: #2051939)
- parse-nm: add a workaround for the DoT DNS option (LP: #2055148)
- CI: Install netplan-ci PPA
- parse: don't remove datalist items during iteration
- ATTN: parse/bonds: handle same primary in multiple bonds
- parse/bonds: don't fail on primary reassignment
- cli/sriov: set eswitch regardless of pcidev.vfs
- doc: Fix wrong bonds.parameters.mode syntax in example
- parse: fix redefinition of gateway(4|6)
- doc:tutorial: fix whitespace formatting
- util: fix potential NULL pointer assert
- python: elements of __all__ must be strings
- tests: fix diff test with iproute2 6.8
- cli/generate: skip daemon_reload with --mapping
- test: cleanup after wait_online test to fix DebCI
- CI: fork spread to get !179 fixes
- doc: Fix netplan-generate.md formatting !483
- emitter: allow unicode characters in the emitter (LP: #2071652)
- parse: do not escape all non-ascii bytes
* d/t/control: 'diff' autopkgtest is not flaky anymore
* d/patches: Drop patches, applied upstream
* d/p/0003: Update 'udevadm trigger' patch, using MOVE action (LP: #2071363)
* debian/netplan-generator.postinst: Add a postinst maintainer script to call
the generator, so the file permissions fixes will be applied automatically.
* d/libnetplan1.symbols: Update for new internal wait-online symbol
* d/copyright: Update for 2024
Checksums-Sha1:
593b3d94a395bef2494606431d33bf9e232cdb3b 3012 netplan.io_1.0.1-1.dsc
d37d9de0e2de77265483699d6a520f2333fc5a74 481426 netplan.io_1.0.1.orig.tar.gz
cbdd1e56b6a6993f498c9e79e8e13a226086911a 19020 netplan.io_1.0.1-1.debian.tar.xz
3393a96d2a466d817630bc50b26fce048e88c78d 12195
netplan.io_1.0.1-1_source.buildinfo
Checksums-Sha256:
45dc5cb40e71f2c7ba33df0ce97e91186d3f4118a003ef870ab83a687d3079aa 3012
netplan.io_1.0.1-1.dsc
7dfdcfc8134eca71af04c4e786a926a474ea95d4ebe86f7cab2efe9460c5d81e 481426
netplan.io_1.0.1.orig.tar.gz
c9c899add251ee9c73bc2880491a4ec8558eb58c28795dad3a0828fe028e5e88 19020
netplan.io_1.0.1-1.debian.tar.xz
7f8164bdadbbdce2b7a94d44481b5dbab25dfb3b0b3fae6ab447998eab0acfeb 12195
netplan.io_1.0.1-1_source.buildinfo
Files:
4908ceaf11704b63441c8d93b8db64da 3012 net optional netplan.io_1.0.1-1.dsc
0f67745a00c55ffd26dc67708bf53157 481426 net optional
netplan.io_1.0.1.orig.tar.gz
4f1c3aa00cef8b270571964674399863 19020 net optional
netplan.io_1.0.1-1.debian.tar.xz
b1e80336b7bfa081305fca340ab825a4 12195 net optional
netplan.io_1.0.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE496GmCL5m2y8NfJ5v322IrMDrIsFAmaGsf0ACgkQv322IrMD
rIuiiA//Z7LdP6RqmA8DuSLLbfImWX++zNoGz1A4qQs/96/x/eWg1EShKU4C9Eep
1RmPOrX4BfBAw601rhvow1Wxy5UOco+7RJg0StPy1828RXFUAovmvzfs28tOI2MQ
nXdsQJRwJFAUypUTzytHGKdjXwKYZGva8oJfuOpkK3u7rF77kMCp6fVvLtf6e5rV
KtMePBCeju+MsOVBui/RNEeEAgF4N4xnYC/FYX3lunofsrbdvuQoa1iQFUZMpsH1
qpdhUVsJ2xCj2AKzmTKdPBQV/j4AM+aLuYudLhQ8Mw5E6XyUhh+Lk8M3E9sfpr5o
iJLV1BrQ2h3DmqQgxvLv9rLaC6U0vcK92hZn6Y1TEo++nAh4Za+S3JI3MeLjcLrW
bFDcEbZXubLuUEqFckjglzeLKHI0c4rtB5ru4Je7PZbJHHknWZjMFc1QzKfrqPF3
ynz0xYAF9gH3LPdRKjBxx9yMA9PNlu7eyKDreIgy9OcTNpeGx5ZmjN43vbM31nE2
OB9o0gFILKDuyBMq/fhAHdXVXXq4uBuhfUv5ltb7r5zwDWKtA5PM7ln6lG3eso5+
3+UIHdwVSYK/Q+W5dIrP/OtZ53sQtorBnTYljqIj03XjX0h9QgoQRZdQ1jAlBVlh
fmGLxZE2dSF1k0zx9TdX28cCSrtKMQsTn7k8sDp1jQlKT+ObTQM=
=hwlj
-----END PGP SIGNATURE-----
pgpt_GjQOOr8W.pgp
Description: PGP signature
--- End Message ---
