Bug#941697: marked as done (libpcap: CVE-2018-16301 CVE-2019-15165)

Debian Bug Tracking System Sun, 06 Oct 2019 09:40:57 -0700

Your message dated Sun, 06 Oct 2019 16:34:36 +0000
with message-id <[email protected]>
and subject line Bug#941697: fixed in libpcap 1.9.1-1
has caused the Debian Bug report #941697,
regarding libpcap: CVE-2018-16301 CVE-2019-15165
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
941697: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941697
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: libpcap
Version: 1.9.0-2
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for libpcap.

CVE-2018-16301[0]:
| libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer
| overflow and/or over-read because of errors in pcapng reading.


CVE-2019-15165[1]:
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB
| header length before allocating memory.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16301
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
[1] https://security-tracker.debian.org/tracker/CVE-2019-15165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15165

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libpcap
Source-Version: 1.9.1-1

We believe that the bug you reported is fixed in the latest version of
libpcap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <[email protected]> (supplier of updated libpcap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Oct 2019 17:54:57 +0200
Source: libpcap
Architecture: source
Version: 1.9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Romain Francoise <[email protected]>
Changed-By: Romain Francoise <[email protected]>
Closes: 941697
Changes:
 libpcap (1.9.1-1) unstable; urgency=medium
 .
   * New upstream release, fixes CVE-2018-16301 and CVE-2019-15165
     (closes: #941697).
   * Export new symbol `pcap_datalink_val_to_description_or_dlt'.
Checksums-Sha1:
 022a2e72eb7358ccd5a8950532811a209974dc97 2352 libpcap_1.9.1-1.dsc
 04d6e619defad5bb17af15f6d2304e79b649786c 861228 libpcap_1.9.1.orig.tar.gz
 d4a09d98f3aec7b19e4fe667c448e3cc83cd0ec1 442 libpcap_1.9.1.orig.tar.gz.asc
 ca9f66b7a49a32f5ee6f58ae5447e88f99b24095 19240 libpcap_1.9.1-1.debian.tar.xz
 b444475907770125196bf3ff00e955f61e88c76e 5510 libpcap_1.9.1-1_source.buildinfo
Checksums-Sha256:
 40c57d60977918e087f2af3f473f5b340d29754f209348f6842911b7b3717561 2352 
libpcap_1.9.1-1.dsc
 635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094 861228 
libpcap_1.9.1.orig.tar.gz
 2f75a3eac5796d0711adfdbb5853c2eb8fb4342c557330d758b270d2b343807b 442 
libpcap_1.9.1.orig.tar.gz.asc
 c1e108e51f194388a69ced56e42f77eee92611de959276cbebfee6dd7e3ebef1 19240 
libpcap_1.9.1-1.debian.tar.xz
 1fb75fcf70ab01a164b41a75dd2a525d2fa031d1b6a2f19121319e40a9d53a3b 5510 
libpcap_1.9.1-1_source.buildinfo
Files:
 e23aca6127aab9acf377afad113107ee 2352 devel optional libpcap_1.9.1-1.dsc
 21af603d9a591c7d96a6457021d84e6c 861228 devel optional 
libpcap_1.9.1.orig.tar.gz
 835978e62cccd572b7e40f81524401bf 442 devel optional 
libpcap_1.9.1.orig.tar.gz.asc
 26ef66cf54ee0208c889f061f1692b53 19240 devel optional 
libpcap_1.9.1-1.debian.tar.xz
 1d96931a179042ced6c2d9613e610348 5510 devel optional 
libpcap_1.9.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvjSXQsqYfs1+d+QtrRX0NfBfli0FAl2aEWoACgkQrRX0NfBf
li33Cg/8D3jHvBgtrkQBAfGYe01tTY5InP3o/HUatpMffIWhQGygxJcAZC4dqpyx
xj8diczFgXzl4EvFQuKVeBre3oLzBp+eaUTq1yn1qBIvJRrJKVQ9bx+udZq91kIN
gVF+FhKIbJo61J6PR3q1LNkOTPNsW2DAexdePG6eien7CNvLLqZc5yZsRP1Ph9Ko
tqyi0c//NHlV+8VPAnI3OGB5YLQVSXcWgLlqBrEn3udyviw6VPnJ3eFP8griZjN0
zHfVaHnLzfbXnPSD1EoK4f25opN9eUtNQChqVU8bApwrbJ4FBJZmdDE6ppgV+6r6
Ow5hv20k5L9Z2pP3pd4bSAPbku4OK11Lqkrf5dM2K6Rvy7hlzx69geH7UUpsqxwU
2ZXjBvK84Wwl/8IId/Rsu+StgJBWxRstYLSc9XX0nsV/08O2SXpsvEZey6yLWmwF
BCRrEHh0xsT+WRaH3/wxw6vWgflXMOQMNGZ0pJvsk/CeLJiDEsj42+luFKozi42a
xh9nUDdlEWQ3NKUnLr0sGUIxuErH2dltKzJ+y5iJTSOKPMWn9XFU0gVLfoxYIbKn
U2Fo5XZmiC8fzeg8e1MnskU5q02gnKmNTpRaYJWaS+SJSm3ONVwkWvDs1suwF0zf
X3urMx5rHggIWYpNArUiRc+7YAoJjtRDbMhL3T4UiywqlnAncTc=
=di2I
-----END PGP SIGNATURE-----

--- End Message ---

Bug#941697: marked as done (libpcap: CVE-2018-16301 CVE-2019-15165)

Reply via email to