Bug#990759: marked as done (FW: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571)

Wed, 07 Jul 2021 00:12:24 -0700 

Your message dated Wed, 7 Jul 2021 09:09:20 +0200
with message-id <[email protected]>
and subject line Re: Bug#990759: FW: [Linuxptp-devel] linuxptp: Fixes published 
for CVE-2021-3570 and CVE-2021-3571
has caused the Debian Bug report #990759,
regarding FW: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and 
CVE-2021-3571
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
990759: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990759
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: linuxptp
Version: 3.1-2

CVE-2021-3570
CVE-2021-3571

-----Original Message-----
From: Richard Cochran <[email protected]> 
Sent: Tuesday, 6 July 2021 00:30
To: [email protected]
Cc: [email protected]; [email protected]
Subject: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and 
CVE-2021-3571

Dear list,

Now that the embargo period has expired, I published fixes for:

   CVE-2021-3570 linuxptp: missing length check of forwarded messages
   CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent 
clock

The fixes have been published to SourceForge and to GitHub:
https://sourceforge.net/projects/linuxptp/
https://github.com/richardcochran/linuxptp

The tags with the fixes are as follows:

   v1.5.1
   v1.6.1
   v1.7.1
   v1.8.1
   v1.9.3
   v2.0.1
   v3.1.1

In addition, the head of the master branch (soon to be version 3.2) also 
includes the fixes.

Although it is possible to apply the fix to versions 1.2, 1.3, and 1.4, those 
versions are obsolete and do not pass our CI tests.  For this reason I decided 
to withdraw them instead.

Thanks,
Richard


_______________________________________________
Linuxptp-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel

--- End Message ---
--- Begin Message --- 
Hi,

On Tue, Jul 06, 2021 at 11:40:58AM +0000, Geva, Erez wrote:
> Package: linuxptp
> Version: 3.1-2
> 
> CVE-2021-3570
> CVE-2021-3571

This is alrady covered by #990748 and #990759.

Regards,
Salvatore

--- End Message ---

Reply via email to