Your message dated Fri, 05 Sep 2025 11:06:50 +0000
with message-id <[email protected]>
and subject line Bug#1111316: fixed in tcpreplay 4.5.2-1
has caused the Debian Bug report #1111316,
regarding tcpreplay: CVE-2025-9019
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111316
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcpreplay
Version: 4.5.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tcpreplay.

CVE-2025-9019[0]:
| A vulnerability has been found in tcpreplay 4.5.1. This
| vulnerability affects the function mask_cidr6 of the file cidr.c of
| the component tcpprep. The manipulation leads to heap-based buffer
| overflow. The attack can be initiated remotely. The complexity of an
| attack is rather high. The exploitation appears to be difficult. The
| exploit has been disclosed to the public and may be used. The
| researcher is able to reproduce this with the latest official
| release 4.5.1 and the current master branch. The code maintainer
| cannot reproduce this for 4.5.2-beta1. In his reply the maintainer
| explains that "[i]n that case, this is a duplicate that was fixed in
| 4.5.2."

Issue should be fixed in upcoming 4.5.2 upstream, but TTBOMK not yet
released; that is, the issue seems fixed somewhere after the 4.5.1 tag in
the upstream repository, but no commit explicitly identified.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9019
    https://www.cve.org/CVERecord?id=CVE-2025-9019
[1] https://github.com/appneta/tcpreplay/issues/958
[2] https://github.com/appneta/tcpreplay/issues/959

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tcpreplay
Source-Version: 4.5.2-1
Done: Christoph Biedl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tcpreplay, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated tcpreplay package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Fri, 05 Sep 2025 08:43:44 +0200
Source: tcpreplay
Architecture: source
Version: 4.5.2-1
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 1097976 1111316
Changes:
 tcpreplay (4.5.2-1) unstable; urgency=medium
 .
   * New upstream version 4.5.2. Closes: #1097976, #1111316

--- End Message ---
