Bug#951291: marked as done (ppp: CVE-2020-8597: Fix bounds check in EAP code)

Sun, 08 Mar 2020 00:28:12 -0800 

Your message dated Sun, 8 Mar 2020 09:21:56 +0100
with message-id <[email protected]>
and subject line [[email protected]: Accepted lwip 2.1.2+dfsg1-5 
(source amd64 all) into unstable]
has caused the Debian Bug report #951291,
regarding ppp: CVE-2020-8597: Fix bounds check in EAP code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
951291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951291
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: ppp
Version: 2.4.7-2+4.1
Severity: important
Tags: security upstream
Control: found -1 2.4.7-1+4

Hi,

The following vulnerability was published for ppp.

CVE-2020-8597[0]:
| eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
| overflow in the eap_request and eap_response functions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8597
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
[1] 
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: lwip
Source-Version: 2.1.2+dfsg1-5

Closing the bug manually, fixed with the 2.1.2+dfsg1-5 upload.
--- Begin Message --- 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Mar 2020 20:41:29 +0100
Source: lwip
Binary: liblwip-dev liblwip-doc liblwip0 liblwip0-dbgsym
Architecture: source amd64 all
Version: 2.1.2+dfsg1-5
Distribution: unstable
Urgency: medium
Maintainer: Joan Lledó <[email protected]>
Changed-By: Joan Lledó <[email protected]>
Description:
 liblwip-dev - small implementation of the TCP/IP protocol suite - development f
 liblwip-doc - small implementation of the TCP/IP protocol suite - documentation
 liblwip0   - small implementation of the TCP/IP protocol suite - shared librar
Changes:
 lwip (2.1.2+dfsg1-5) unstable; urgency=medium
 .
   * Fix CVE-2020-8597
Checksums-Sha1:
 2b71e5c4da3adbedc1e4b8edc11caf100ccc60e7 2001 lwip_2.1.2+dfsg1-5.dsc
 a31fe0753660289a04ea1f9281bcf03b88b970e6 29276 lwip_2.1.2+dfsg1-5.debian.tar.xz
 37dc483232c0ec41568ca9a23111091777a7b248 239852 
liblwip-dev_2.1.2+dfsg1-5_amd64.deb
 e23ad8d3fbe0b5d7e523e81dfcf70283ad6fa801 739256 
liblwip-doc_2.1.2+dfsg1-5_all.deb
 456e30873a72b44773cf46b0961df692c2ae3c08 280504 
liblwip0-dbgsym_2.1.2+dfsg1-5_amd64.deb
 3231232e63ae0c1d54a452ae64966b500743ce24 168800 
liblwip0_2.1.2+dfsg1-5_amd64.deb
 035f9d4819664a81cc8663465894d93772feb8f7 7470 
lwip_2.1.2+dfsg1-5_amd64.buildinfo
Checksums-Sha256:
 b18e44464c61ae4e34146288702f63529265ada570817a177f00b3fdcfaa50cb 2001 
lwip_2.1.2+dfsg1-5.dsc
 cb2beed893ea077ff0a2ae41821dec23d70dcdd02c5321a6271b048f3d7fb249 29276 
lwip_2.1.2+dfsg1-5.debian.tar.xz
 32bbedb45dd36282f3e2ac657a19db00b7e5b0e4f4c875c0950de6e282078043 239852 
liblwip-dev_2.1.2+dfsg1-5_amd64.deb
 0ad101272a938a49e5f3577ccd554f525800ecd2846f049026e4f92c363acb04 739256 
liblwip-doc_2.1.2+dfsg1-5_all.deb
 c5e627a8b9b104d715d6fad638c8794d7bd216cac99ee825b9ec67fc7adbe19f 280504 
liblwip0-dbgsym_2.1.2+dfsg1-5_amd64.deb
 9c97e8f6477e58c0e8700896a5c601f0daa6780ba65fc65804096dbe08040ef4 168800 
liblwip0_2.1.2+dfsg1-5_amd64.deb
 152007391168eea63b4eb7c12b1b812e7452720a3485a4aeebe427abf946b47d 7470 
lwip_2.1.2+dfsg1-5_amd64.buildinfo
Files:
 603178dfdef2ac58a1341bd544588f01 2001 libs optional lwip_2.1.2+dfsg1-5.dsc
 38d42123084b1100bfbe34788941cda7 29276 libs optional 
lwip_2.1.2+dfsg1-5.debian.tar.xz
 d5db789ef3bc7d7ee5282e4f3430c249 239852 libdevel optional 
liblwip-dev_2.1.2+dfsg1-5_amd64.deb
 448d27e97dbe68555fd59cfb6545e011 739256 doc optional 
liblwip-doc_2.1.2+dfsg1-5_all.deb
 076484c38edf48b15c083c79ab875756 280504 debug optional 
liblwip0-dbgsym_2.1.2+dfsg1-5_amd64.deb
 994033a3044134b4aebc57d8b32ad9cc 168800 libs optional 
liblwip0_2.1.2+dfsg1-5_amd64.deb
 a6c931da4841c3c141076fd769fcb401 7470 libs optional 
lwip_2.1.2+dfsg1-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJLBAEBCgA1FiEEitwNudTbNE2R94iMoZnXa8pGkeMFAl5kPlgXHGpsbGVkb21A
bWVtYmVyLmZzZi5vcmcACgkQoZnXa8pGkeOFbQ/9HWnwVyNNZHhDnpzBGYvfdYyw
awodXsNN6jkKk6ufjhYId72xwhfEdJk7U51bS/9oUBg/p/mtcN9P1gMaVfuEyH+f
h1F+1YEn/AgfVTBDqMhfam0QDqQ2gLMELLysognQerEWII8SbQj3M0BlPs6UgrBn
QCn3+dEXCZeQ62wTJYmlx6LW7Ylw8t4FONXkKPgK6bVZPEnI+55L6u2PJejhpqSM
ZEGTpIgfREEyoX0oILzf6al4s33hDKuo2bso2KeD9AdNfMtSf9LUiJcwlnMPI7Fo
Cm2BQSK0SEZwY5hllZ/TAVS0/0PmOIuRGxHHFuPF2UCZCXwywdRX+I/8HC7+p3Hb
Ee7kHdR6HVCELofhyDZPziIjWtal61jwoulJZqdjMPu7xqRaREaPJx3lxggcYfeh
gXi1Zk0E+YJljpJXkV4o91C2fvP0Vi162X6HQqbrGm5woL2WA72LUBASyyg6ZeJ1
LbH4zmWwXJ8NnqoTaIB+3Upvca/YAr1DGWJ/fgBF1Xnh2qqQJe+4AH0D4xU431mA
5+XSb3c6keeavPRxOozrTLQp0+TlinmlOIThEOmFap20yiBRoVZq+MeFAcyohgXp
M6DntstVJiCufrCoVYqvf2QksNzSlNaEsSLjrD2cqluMtt/EqxiCJBnC+mNNKnVR
/sgBHttpZll4o6rMx6I=
=uF6N
-----END PGP SIGNATURE-----

--- End Message ---

--- End Message ---

Reply via email to