Your message dated Tue, 12 Dec 2023 19:20:47 +0000
with message-id <[email protected]>
and subject line re: rust-quinn-proto: CVE-2023-42805
has caused the Debian Bug report #1052546,
regarding rust-quinn-proto: CVE-2023-42805
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1052546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052546
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rust-quinn-proto
Version: 0.10.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for rust-quinn-proto.
CVE-2023-42805[0]:
| quinn-proto is a state machine for the QUIC transport protocol.
| Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in
| a QUIC packet could result in a panic. The problem has been fixed in
| 0.9.5 and 0.10.5 maintenance releases.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-42805
    https://www.cve.org/CVERecord?id=CVE-2023-42805
[1] https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
[2] https://github.com/quinn-rs/quinn/pull/1667 (main)
[3] https://github.com/quinn-rs/quinn/pull/1668 (backport to 0.9.x)
[4] https://github.com/quinn-rs/quinn/pull/1669 (backport to 0.10.x)
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 0.10.5-1
| quinn-proto is a state machine for the QUIC transport protocol.
| Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in
| a QUIC packet could result in a panic. The problem has been fixed in
| 0.9.5 and 0.10.5 maintenance releases.
Version 0.10.5 has been uploaded.
--- End Message ---