Your message dated Mon, 14 Mar 2016 11:52:11 +0000
with message-id <[email protected]>
and subject line Bug#627884: fixed in ssldump 0.9b3-5
has caused the Debian Bug report #627884,
regarding ssldump segfaults when decoding some unknown enumerated values
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
627884: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627884
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ssldump
Version: 0.9b3-4
Severity: important
Tags: patch upstream
ssldump segfaults when decoding some unknown enumerated values
because decoder tables end with 0 instead of -1 expected by
table search routines
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ssldump depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libpcap0.8 1.1.1-2 system interface for user-level pa
ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries
ssldump recommends no packages.
Versions of packages ssldump suggests:
ii tcpdump 4.1.1-1 A powerful tool for network monito
diff -urNad ssldump-0.9b3~/ssl/ssl.enums.c ssldump-0.9b3/ssl/ssl.enums.c
--- ssldump-0.9b3~/ssl/ssl.enums.c 2001-07-20 18:44:36.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl.enums.c 2011-05-25 09:35:56.000000000 +0200
@@ -151,7 +151,7 @@
"application_data",
decode_ContentType_application_data
},
-{0}
+{-1}
};
static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data)
@@ -498,7 +498,7 @@
"Finished",
decode_HandshakeType_Finished
},
-{0}
+{-1}
};
decoder cipher_suite_decoder[]={
@@ -728,7 +728,7 @@
"fatal",
decode_AlertLevel_fatal
},
-{0}
+{-1}
};
static int decode_AlertDescription_close_notify(ssl,dir,seg,data)
@@ -1031,7 +1031,7 @@
"no_renegotiation",
decode_AlertDescription_no_renegotiation
},
-{0}
+{-1}
};
decoder compression_method_decoder[]={
@@ -1095,6 +1095,6 @@
"dss_fixed_dh",
decode_client_certificate_type_dss_fixed_dh
},
-{0}
+{-1}
};
diff -urNad ssldump-0.9b3~/ssl/ssl_enum.c ssldump-0.9b3/ssl/ssl_enum.c
--- ssldump-0.9b3~/ssl/ssl_enum.c 2000-10-09 07:14:02.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_enum.c 2011-05-25 09:37:04.000000000 +0200
@@ -70,7 +70,7 @@
"application_data",
decode_ContentType_application_data
},
-{0}
+{-1}
};
static int decode_HandshakeType_hello_request(ssl,dir,seg,data)
@@ -260,7 +260,7 @@
"finished",
decode_HandshakeType_finished
},
-{0}
+{-1}
};
decoder cipher_suite_decoder[]={
--- End Message ---
--- Begin Message ---
Source: ssldump
Source-Version: 0.9b3-5
We believe that the bug you reported is fixed in the latest version of
ssldump, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sophie Brun <[email protected]> (supplier of updated ssldump package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Mar 2016 10:42:20 +0100
Source: ssldump
Binary: ssldump
Architecture: source
Version: 0.9b3-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools Packaging Team
<[email protected]>
Changed-By: Sophie Brun <[email protected]>
Description:
ssldump - SSLv3/TLS network protocol analyzer
Closes: 610334 627884 661276 668099 744515 765260
Changes:
ssldump (0.9b3-5) unstable; urgency=medium
.
* Take over the package and import it under the umbrella of the pkg-security
team.
* Bump to debhelper 9.
* Use quilt instead of deprecated dpatch (Closes: #668099)
* Drop debian/source.lintian-overrides for more-than-one-patch-system
* Add debian/clean to clean up generated files not cleaned by the
upstream makefile.
* Use dh-autoreconf (Closes: #765260, #744515)
* Compile against openssl (Closes: #661276) (thanks brian m. carlson)
* Add two patches to fix the warnings during the build:
update-for-glibc2.20.patch and add-missing-include.patch
* Add a patch fix-table-stop.patch (Closes: #627884)
* Add a patch support-TUN-interfaces (Closes: #610334)
Checksums-Sha1:
2ea4dbc4bf51ba7e70a6385ccea8db4b25c1bbca 1616 ssldump_0.9b3-5.dsc
23c678ed72078b436834aa1fa4c9dc84c737b455 8944 ssldump_0.9b3-5.debian.tar.xz
Checksums-Sha256:
06673fa33ebc461c362e805e98b688437d2c3b8044abc7a0bef3a035bda46b84 1616
ssldump_0.9b3-5.dsc
0c7d68d1db0c8e7eddeb739b91dca2bf32421fe8bac7d73b48c50a21c634d54b 8944
ssldump_0.9b3-5.debian.tar.xz
Files:
85e1611870f186f6fcaebce595bda2f8 1616 net optional ssldump_0.9b3-5.dsc
e7f1681f91b35eb2d54cbad79d28ee20 8944 net optional
ssldump_0.9b3-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Signed by Raphael Hertzog
iQEcBAEBCAAGBQJW5qHiAAoJEAOIHavrwpq5tG8H/0aF7DZebxuQLe0572j4Kvgu
DG8xQ+/jYcHNyEJ18YIHJ4S7cHjYzAac0KcYrHyxEqSv7jl1uzRY67h4+USsEQTV
8toxab+C3eLOtb4aZ3AbLYiwx1zIEvRBvsgzj618/MA007E8pN3ssbL5LsZCZ9xU
n3VlywdhXnoshQ8i/HHFKsgsUbeRoSD2i+oTznueB0mLeCutbGTyzpk1jzrhXBPs
0iZRKVhdjjoMOpHGbAuQvGlcKZSo0Hxwe9o9Fyaq6E7Rtmw5IuF8drb/l95jEkXI
0ozdAnfuf1q4dKeWrYL66a6w5nkJlGNCfU1TRbfQWvpD21YtXuyDI6SfvCbxIOE=
=HE9p
-----END PGP SIGNATURE-----
--- End Message ---
