Your message dated Sat, 23 Sep 2017 20:02:47 +0000
with message-id <[email protected]>
and subject line Bug#873804: fixed in tcpdump 4.9.2-1~deb8u1
has caused the Debian Bug report #873804,
regarding CVE-2017-11541
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
873804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873804
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tcpdump
X-Debbugs-CC: [email protected]
[email protected]
Severity: important
Tags: security
Hi,
the following vulnerability was published for tcpdump.
CVE-2017-11541[0]:
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print
| function in print-lldp.c, related to util-print.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: tcpdump
Source-Version: 4.9.2-1~deb8u1
We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Romain Francoise <[email protected]> (supplier of updated tcpdump package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Sep 2017 21:39:47 +0200
Source: tcpdump
Binary: tcpdump
Architecture: amd64 source
Version: 4.9.2-1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Romain Francoise <[email protected]>
Changed-By: Romain Francoise <[email protected]>
Closes: 867718 873804 873805 873806
Description:
tcpdump - command-line network traffic analyzer
Changes:
tcpdump (4.9.2-1~deb8u1) jessie-security; urgency=high
.
* New upstream release, fixing 90 new CVEs. See the upstream changelog
for the full list (closes: #867718, #873804, #873805, #873806).
Checksums-Sha1:
5511b408ac90d1157b4f54a598150c0c92a7a16b 1950 tcpdump_4.9.2-1~deb8u1.dsc
09569a91048a05d99fd201acb17244dd09227b3a 12832
tcpdump_4.9.2-1~deb8u1.debian.tar.xz
3fa24d9d0c6f59df0a684ada33e05aad64630ec8 5171
tcpdump_4.9.2-1~deb8u1_source.buildinfo
bff0a5af307e9aff5e91b3a0b8ae9bbcc4c56a3e 414518
tcpdump_4.9.2-1~deb8u1_amd64.deb
Checksums-Sha256:
e39b80bcd6c082f1b72428b9a20a591de48a399db5e6b94438bb2ff02e2f0e97 1950
tcpdump_4.9.2-1~deb8u1.dsc
4a778f95c28072499b2156d61123b179b7dd606342d675546e6b7cd0eeb5e6d5 12832
tcpdump_4.9.2-1~deb8u1.debian.tar.xz
c3d5b796b9624f8ca238bdbb50764548980f5eff2ef675669aa6c383c8c93cdd 5171
tcpdump_4.9.2-1~deb8u1_source.buildinfo
6bcf465812a09a327caf18360685bece7cb183f45dd6ac3d9bc28f16976edf75 414518
tcpdump_4.9.2-1~deb8u1_amd64.deb
Files:
6c9fdef5786f8deec27ab1a9fe4c599b 1950 net optional tcpdump_4.9.2-1~deb8u1.dsc
26efb3f35c818ddb09363db9690c3882 12832 net optional
tcpdump_4.9.2-1~deb8u1.debian.tar.xz
3fc5218e1bf121e2ed4a9adb21b80f0c 5171 net optional
tcpdump_4.9.2-1~deb8u1_source.buildinfo
9b260d56dbd89931d275c539d1a689d1 414518 net optional
tcpdump_4.9.2-1~deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEvjSXQsqYfs1+d+QtrRX0NfBfli0FAlm4HTgACgkQrRX0NfBf
li1bpRAAm+UVbGXKd3pJ3+eXrJSWnLmtTNWa+R0uW64Kc9rGJMUrHLxw1UlZdZrJ
LdUiTT5g+66z+LtJOwtv91Nzc5nfviADyJM1gNc4gVt4xGUVcKCOku4ii18MuQnB
h0GQxJVtMXnE8bcYuDwgT3HSdFBV5WLMZ+wOxW2nsrxtjmq2QnYR8xi72US01uuU
kbSiihPGR0neS1jkEcavnJ/Ra2wf+j6ky91mmtu0WuNW5MsXidrmKMhb5kttBieF
SZeBBGhVB7UehS1jyGdyRzlkiYV1+GkpOE9tAEFoqjYh3QFMJHw3L1tfejd28CH3
gWwo7SaW+w8+1WRQj1j0wJ1VCRQSlThr2sqlbiBCfoEWbtIWajo1pYuEQHuNq5n5
dryUMf5hDMM/1UdwmsibpZJsZ1xWojN5KA0fnSevDZYQDaIiDejb8qk/ZRuj6zn7
SXYfEbpr2NctUnVui8ZW708uwKxm0nbLKwNzT1asnO7uoJkvof7X93y2a/4sQ9ZS
5D/VQo2suWcJv758iyjCHdRseLUtoHM6xzWOQEI4HV9qSv5DPcmSCYx2GwVdELgL
cniRRZtDhQtodbgkRHHmodOPn1ffGBNGmnBEiM8+CEVrPiIPx138wyOoudC3mViw
GRjNA2i6+9oLBbfhoNXcVZkAlWfCFMjG7Gryn8bjyOUSWfFRLCI=
=Z8T3
-----END PGP SIGNATURE-----
--- End Message ---
