Your message dated Fri, 18 Dec 2020 22:00:09 +0000
with message-id <[email protected]>
and subject line Bug#972050: fixed in ndpi 3.4-1
has caused the Debian Bug report #972050,
regarding CVE-2020-11939 CVE-2020-11940 CVE-2020-15471 CVE-2020-15472
CVE-2020-15473 CVE-2020-15474 CVE-2020-15475 CVE-2020-15476
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972050
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ndpi
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
CVE-2020-15476
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
CVE-2020-15475
https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952
CVE-2020-15474
https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
CVE-2020-15473
https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
CVE-2020-15472
https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701
CVE-2020-15471
https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
CVE-2020-11940
https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939
https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202
https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
--- End Message ---
--- Begin Message ---
Source: ndpi
Source-Version: 3.4-1
Done: Gianfranco Costamagna <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ndpi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated ndpi
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 18 Dec 2020 10:50:44 +0100
Source: ndpi
Binary: libndpi-bin libndpi-bin-dbgsym libndpi-dev libndpi-wireshark libndpi3.4
libndpi3.4-dbgsym
Architecture: source amd64
Version: 3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Ludovico Cavedon <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Description:
libndpi-bin - extensible deep packet inspection library - ndpiReader
libndpi-dev - extensible deep packet inspection library - development files
libndpi-wireshark - extensible deep packet inspection library - wireshark
dissector
libndpi3.4 - extensible deep packet inspection library - shared library
Closes: 972050
Changes:
ndpi (3.4-1) unstable; urgency=medium
.
[ Debian Janitor ]
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
.
[ Gianfranco Costamagna ]
* New upstream version 3.4 (Closes: #972050)
- CVE-2020-11939 CVE-2020-11940 CVE-2020-15471
- CVE-2020-15472 CVE-2020-15473 CVE-2020-15474
- CVE-2020-15475 CVE-2020-15476
* Team upload (salsa.d.o namespace)
* Add R^3: no
* Add libgcrypt20-dev dependency, used for tests
* Update copyright years
* Bump std-version to 4.5.0, and compat level to 13
* Drop old define-have-json-c.patch: not needed anymore
* Rebase patches for new release (keeping one little library as static)
* Drop dh_auto_install override: txt files are now correctly
installed upstream
Checksums-Sha1:
4b0398ca56b1856c12dc4ea99532543c668c63fb 2090 ndpi_3.4-1.dsc
65d216e1cf8c07c836db1740a2b6a7077c92b044 37976087 ndpi_3.4.orig.tar.gz
cb5382f666c2f23b5d9fa5f143b3139629e43723 13832 ndpi_3.4-1.debian.tar.xz
b48ec0d490326bdc9310d135a4de5b3c89d546be 147896
libndpi-bin-dbgsym_3.4-1_amd64.deb
618b654f2ceef560ce10a6b648e2930645a9f0bc 62972 libndpi-bin_3.4-1_amd64.deb
1052edfae5fd9efaee07eafe4f1c14d0f9713388 355688 libndpi-dev_3.4-1_amd64.deb
088dc57e6041293ba8be4e91901ecf216ddd3605 23244
libndpi-wireshark_3.4-1_amd64.deb
d3ff39ea998c507679414a10bc35aa9599d0fb07 503696
libndpi3.4-dbgsym_3.4-1_amd64.deb
70bac25c63fc49a9bbe63d5589ba0d3c2107510c 257016 libndpi3.4_3.4-1_amd64.deb
5f3dc6f5e81462b90ae0f4f08857c8e02b1ab3c3 8259 ndpi_3.4-1_amd64.buildinfo
Checksums-Sha256:
e419940bca793793df3452ba2fda4c3cc91c71a2864a37987640ef1eeb4473a8 2090
ndpi_3.4-1.dsc
dc9b291c7fde94edb45fb0f222e0d93c93f8d6d37f4efba20ebd9c655bfcedf9 37976087
ndpi_3.4.orig.tar.gz
10eadf12cd3624dc3b6b6ca459ea5e1ac05acbb0959f638b0804d23865b5d8b0 13832
ndpi_3.4-1.debian.tar.xz
7ca14221a6957adb98942d4725eb2269691c7f3aa519221c4d3fb4fa7f6d29bd 147896
libndpi-bin-dbgsym_3.4-1_amd64.deb
1f0ee1b95a4a7488420b492e82fd4310d2bc21df8494855057d573793c791f5a 62972
libndpi-bin_3.4-1_amd64.deb
1519aef481554052270a48abe486de1f7ffc12a6659b0b76b1d952fa924cb2af 355688
libndpi-dev_3.4-1_amd64.deb
e216e67ac8969542626b9a1435a031b286b4097f67ca76a10aa0007f09c8539a 23244
libndpi-wireshark_3.4-1_amd64.deb
12a247e8ab985a9d21cca371b99bb9f3335c4c36e7e695aed4879d6266fe8be7 503696
libndpi3.4-dbgsym_3.4-1_amd64.deb
846c945753e73ad0d8a15e905a9623fe1222d3f5ccce90b89c09e9e1f01eeec2 257016
libndpi3.4_3.4-1_amd64.deb
014924722bf3f111ef6d14ec3d971d025bd6e7448e8b6828a10cdc2dcac922c8 8259
ndpi_3.4-1_amd64.buildinfo
Files:
87155894d475ec8e5b8fc806f75966cc 2090 libs optional ndpi_3.4-1.dsc
4a2978b0d527a220ab46344444a1934c 37976087 libs optional ndpi_3.4.orig.tar.gz
6c3f19745c67c1c46d0a6cb2cd51734b 13832 libs optional ndpi_3.4-1.debian.tar.xz
2784c6c0cddd1c0f99ed55df15b759a4 147896 debug optional
libndpi-bin-dbgsym_3.4-1_amd64.deb
56ecbbc395d18d9ff276c7094b9fecc5 62972 libs optional
libndpi-bin_3.4-1_amd64.deb
6f374f501ed7b35cab0893fa1ce2b621 355688 libdevel optional
libndpi-dev_3.4-1_amd64.deb
bd65fcd2d557630ef265f7bd8a552ded 23244 libs optional
libndpi-wireshark_3.4-1_amd64.deb
d7d0a79c5582fbf490c65b261d91a223 503696 debug optional
libndpi3.4-dbgsym_3.4-1_amd64.deb
498323ff83bfafc44df0eae82071da59 257016 libs optional
libndpi3.4_3.4-1_amd64.deb
32b4c70c78bb312622aef9723b096a16 8259 libs optional ndpi_3.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAl/c1jsACgkQ808JdE6f
XdkBXRAAkW133JpvxU2pibstXJ84Cg6WgsX8VN7MsFzTxSBuFgIBktjAfG5BEhTT
ur/MMqEACxumAeLZC0cHOi3q1PSITZ4KYIqb67mMpI9ZpxP5W25bEK+cZVPNhyBq
WLRk6flm0WliXWWUtci1JgvlCRAMOqdOsxzpJRCVPISiCs57owhU9JnC/y5pR5Qr
W4UjrOg70mRkmKZflY6QQRjcPLA1iU0ZgUbBx/W+45JprRDCb5ltAB4o80FwZhXn
HzFYyxIMSskIUqh/FMfF99TWjBOs2ZOoHjCyspEo5p+BkrR08NePFpLQ3JGn4Hvi
OTw9QG4idUVM3ZqR1QE/4B0HjJT0qf6nFIdyx0pc4fn2PvBzKc4xeDzBRCaV0Ld1
UD8nOIFGJXOVsQoK/ote3Kh/iAMueKsMyiOo7pUZ3t16inDseJ8U7tCtubv10Mto
yb7euLD73aiMhS8nk/ESrsGxeyloHkljEEduYES/wEulCmI+65NcsOBRWYNekmMt
y15TWiyuU9PCqjh4PrOb9nw0ezymg2HHK5MivKJgoyC7RqTqZjTAXzahoHeMkA+p
LRqLmhLKaDtY/kMGXroHqDAxAWTsDvTNBDVqczdA26CaFpIhNBWChwH3deZKaJt0
eN++w8pL+YK7cVBSbEhhannvz4CTdTmV5dnJmh+XtmNFIWITs40=
=JIoN
-----END PGP SIGNATURE-----
--- End Message ---
