Your message dated Thu, 27 Feb 2025 07:03:52 +0100
with message-id <[email protected]>
and subject line Re: Accepted libreswan 4.15-1 (source) into unstable
has caused the Debian Bug report #1069194,
regarding libreswan: CVE-2024-3652: IKEv1 default AH/ESP responder can crash
and restart
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1069194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libreswan
Version: 4.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libreswan/libreswan/issues/1665
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Control: found -1 4.3-1
Hi,
The following vulnerability was published for libreswan.
CVE-2024-3652[0]:
| The Libreswan Project was notified of an issue causing libreswan to
| restart when using IKEv1 without specifying an esp= line. When the
| peer requests AES-GMAC, libreswan's default proposal handler causes
| an assertion failure and crashes and restarts. IKEv2 connections are
| not affected.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-3652
https://www.cve.org/CVERecord?id=CVE-2024-3652
[1] https://github.com/libreswan/libreswan/issues/1665
[2] https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
Regards,
Salvatore
--- End Message ---
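An added example, not part of the bug report or of libreswan: a small audit that lists the connections in an ipsec.conf matching the trigger condition in the CVE description above (IKEv1 with no esp= line). It assumes `ikev2=no`/`ikev2=never` or `keyexchange=ikev1` select IKEv1, that `phase2alg=` is an alias of `esp=`, that a conn with neither selector is not IKEv1, and at most one `also=` per conn; `SAMPLE_CONF` and the function names are constructed for illustration.

```python
import re

# Constructed sample ipsec.conf (not from the bug report).
SAMPLE_CONF = """\
conn %default
    ikev2=no
conn legacy-site
    right=198.51.100.7
conn legacy-pinned
    also=legacy-site
    esp=aes256-sha2_256
conn modern
    ikev2=insist
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def effective(conns, name, seen=()):
    """Merge %default, then the also= target, then the conn's own keys."""
    merged = dict(conns.get("%default", {}))
    own = conns.get(name, {})
    if "also" in own and own["also"] not in seen:
        merged.update(effective(conns, own["also"], seen + (name,)))
    merged.update(own)
    return merged

def ikev1_without_esp(text):
    """Names of conns that select IKEv1 and set no esp=/phase2alg= line."""
    conns, flagged = parse_conns(text), []
    for name in sorted(n for n in conns if n != "%default"):
        o = effective(conns, name)
        # Assumed IKEv1 selectors: ikev2=no|never, or keyexchange=ikev1.
        ikev1 = o.get("ikev2") in ("no", "never") or o.get("keyexchange") == "ikev1"
        if ikev1 and not (o.get("esp") or o.get("phase2alg")):
            flagged.append(name)
    return flagged
```
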
--- Begin Message ---
Source: libreswan
Source-Version: 4.15-1
On Thu, Feb 27, 2025 at 01:41:28AM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 26 Feb 2025 19:22:24 -0500
> Source: libreswan
> Architecture: source
> Version: 4.15-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Daniel Kahn Gillmor <[email protected]>
> Changed-By: Daniel Kahn Gillmor <[email protected]>
> Changes:
> libreswan (4.15-1) unstable; urgency=medium
> .
> * New upstream release
> - Fixes CVE-2024-3652
> * Standards-Version: bump to 4.7.1 (no changes needed)
> * drop patch already applied upstream
> * drop libsystemd-dev from build-deps
>
>
> -----BEGIN PGP SIGNATURE-----
>
> -----END PGP SIGNATURE-----
>
--- End Message ---