Your message dated Tue, 12 Mar 2024 04:40:22 +0000
with message-id <[email protected]>
and subject line Bug#1066059: fixed in libreswan 4.14-1
has caused the Debian Bug report #1066059,
regarding libreswan: CVE-2024-2357
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1066059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066059
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libreswan
Version: 4.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 https://github.com/libreswan/libreswan/issues/1609
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Control: found -1 4.3-1

Hi,

The following vulnerability was published for libreswan.

CVE-2024-2357[0]:
| The Libreswan Project was notified of an issue causing libreswan to
| restart under some IKEv2 retransmit scenarios when a connection is
| configured to use PreSharedKeys (authby=secret) and the connection
| cannot find a matching configured secret. When such a connection is
| automatically added on startup using the auto= keyword, it can cause
| repeated crashes leading to a Denial of Service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2357
    https://www.cve.org/CVERecord?id=CVE-2024-2357
[1] https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
[2] https://github.com/libreswan/libreswan/issues/1609

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libreswan
Source-Version: 4.14-1
Done: Daniel Kahn Gillmor <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libreswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <[email protected]> (supplier of updated libreswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Mar 2024 22:01:21 -0400
Source: libreswan
Architecture: source
Version: 4.14-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor <[email protected]>
Changed-By: Daniel Kahn Gillmor <[email protected]>
Closes: 1066059
Changes:
 libreswan (4.14-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1066059)
     - fixes CVE-2024-2357


-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
