Your message dated Thu, 24 Jul 2025 13:48:57 +0000
with message-id <[email protected]>
and subject line Bug#1109728: fixed in iputils 3:20250605-1
has caused the Debian Bug report #1109728,
regarding iputils: ping: CVE-2025-48964: Integer Overflow in ping Statistics 
via Zero Timestamp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1109728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: iputils
Version: 3:20240905-3
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for iputils.

CVE-2025-48964 [1] [2]:
| While the CVE-2025-47268 patch added important validation for timestamp
| calculations, it doesn't account for a specific scenario where the original
| timestamp in the ICMP payload is zeroed.

NOTE: A PoC is publicly available (it's also available for the related CVE-2025-47268).
Therefore it'd be great if Debian updated iputils to 20250605, which contains
both fixes.

Upstream fix: afa3639 ("ping: Fix moving average rtt calculation") [3]

Kind regards,
Petr

[1] https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9
[2] https://www.cve.org/CVERecord?id=CVE-2025-48964
[3] https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c

--- End Message ---
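
Added illustration, not part of the bug report and not iputils or upstream code: with a zeroed payload timestamp the subtraction stays in range, but the resulting "RTT" equals the receive time since the epoch, and squaring it for a sum-of-squares statistic no longer fits a signed 64-bit value. The struct, the function names, the one-hour bound, the sample times and the sum-of-squares model of ping's statistics are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USEC_PER_SEC 1000000LL
#define MAX_RTT_USEC (3600LL * USEC_PER_SEC) /* assumed sanity bound: 1 hour */

/* Hypothetical running statistics (not iputils' struct), in microseconds. */
struct rtt_stats { int64_t tsum, tsum2; long accepted, rejected; };

/* RTT = receive time - timestamp echoed in the ICMP payload. The payload is
 * peer-controlled, so every step is overflow-checked. */
static bool rtt_from_payload(int64_t recv_sec, int64_t recv_usec,
                             int64_t sent_sec, int64_t sent_usec, int64_t *rtt)
{
    int64_t dsec, dusec, scaled;
    return !__builtin_sub_overflow(recv_sec, sent_sec, &dsec)
        && !__builtin_sub_overflow(recv_usec, sent_usec, &dusec)
        && !__builtin_mul_overflow(dsec, USEC_PER_SEC, &scaled)
        && !__builtin_add_overflow(scaled, dusec, rtt);
}

/* True if rtt * rtt no longer fits a signed 64-bit sum of squares. */
static bool square_overflows(int64_t rtt)
{
    int64_t sq;
    return __builtin_mul_overflow(rtt, rtt, &sq);
}

/* Hardened accumulation: range-check the sample before any arithmetic. */
static bool stats_add(struct rtt_stats *s, int64_t rtt)
{
    int64_t sq, sum, sum2;
    if (rtt < 0 || rtt > MAX_RTT_USEC
        || __builtin_mul_overflow(rtt, rtt, &sq)
        || __builtin_add_overflow(s->tsum, rtt, &sum)
        || __builtin_add_overflow(s->tsum2, sq, &sum2)) {
        s->rejected++;
        return false;
    }
    s->tsum = sum; s->tsum2 = sum2; s->accepted++;
    return true;
}

int main(void)
{
    struct rtt_stats s = {0};
    int64_t rtt = 0; /* constructed sample: epoch 1753361337 s, zeroed payload */
    rtt_from_payload(1753361337, 250000, 0, 0, &rtt);
    printf("rtt=%lld us square_overflows=%d accepted=%d\n",
           (long long)rtt, square_overflows(rtt), stats_add(&s, rtt));
    return 0;
}
```

The overflow builtins are GCC/Clang extensions; the point is that a check on the subtraction alone accepts the zero-timestamp sample, so the bound has to be applied to the resulting value before it reaches the accumulators.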
--- Begin Message ---
Source: iputils
Source-Version: 3:20250605-1
Done: Noah Meyerhans <[email protected]>

We believe that the bug you reported is fixed in the latest version of
iputils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noah Meyerhans <[email protected]> (supplier of updated iputils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jul 2025 08:58:19 -0400
Source: iputils
Architecture: source
Version: 3:20250605-1
Distribution: unstable
Urgency: medium
Maintainer: Noah Meyerhans <[email protected]>
Changed-By: Noah Meyerhans <[email protected]>
Closes: 1104746 1109728
Changes:
 iputils (3:20250605-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix CVE-2025-47268: Signed 64-bit integer overflow in RTT calculation
       (Closes: #1104746)
     - Fix CVE-2025-48964: Integer Overflow in ping Statistics via Zero
       Timestamp (Closes: #1109728)



--- End Message ---
