Your message dated Mon, 11 May 2026 13:49:05 +0000
with message-id <[email protected]>
and subject line Bug#1134486: fixed in ovn 26.03.0-4
has caused the Debian Bug report #1134486,
regarding ovn: CVE-2026-5265 CVE-2026-5367
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1134486: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134486
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ovn
Version: 26.03.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for ovn.
CVE-2026-5265[0]:
| Heap Over-Read in ICMP Error Response Generation
CVE-2026-5367[1]:
| Heap over-read in OVN DHCPv6 Client ID processing
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-5265
https://www.cve.org/CVERecord?id=CVE-2026-5265
https://www.openwall.com/lists/oss-security/2026/04/20/2
[1] https://security-tracker.debian.org/tracker/CVE-2026-5367
https://www.cve.org/CVERecord?id=CVE-2026-5367
https://www.openwall.com/lists/oss-security/2026/04/20/3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ovn
Source-Version: 26.03.0-4
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ovn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated ovn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 11 May 2026 15:17:17 +0200
Source: ovn
Architecture: source
Version: 26.03.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1134486
Changes:
ovn (26.03.0-4) unstable; urgency=medium
.
* Fix security issues (Closes: #1134486):
- CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation. Add
upstream patch: pinctrl: Limit the IP packet size to buffer size for
ICMP Need Frag.
- CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing. Add
upstream patch: Unify handling of DHCPv6 options.
Checksums-Sha1:
47afbe88985e32412a5b08088e207d20bc1d4231 3156 ovn_26.03.0-4.dsc
4d670a9886f6912651b11b53d63be0cf6d31ff48 23896 ovn_26.03.0-4.debian.tar.xz
e4dadc2a99676816420095198a39fe1e6ce38de3 14263 ovn_26.03.0-4_amd64.buildinfo
Checksums-Sha256:
53d2308957267fd7eafed5b6af42561696967a33f79978703850fb718fb3051b 3156
ovn_26.03.0-4.dsc
7982395f070b9373ec325de3a8ac4a874380542592fddfa66313c2815d25f11f 23896
ovn_26.03.0-4.debian.tar.xz
dd08c24510483f75798481b4346979d8c96c187d746f467f13121d894bdaa161 14263
ovn_26.03.0-4_amd64.buildinfo
Files:
a64794b65012ee241b50c52ff4c11719 3156 net optional ovn_26.03.0-4.dsc
608a19d11f6ea09664641abdcac99fa7 23896 net optional ovn_26.03.0-4.debian.tar.xz
0fcc02e9e3d9900f4cc21fbfa2dfe9c7 14263 net optional
ovn_26.03.0-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmoB2JMACgkQ1BatFaxr
Q/5aRg//QlxtFCd7aHvrjnPVie99ydtcm4hpqsXnt+SinNvx6kKxU5O2poJ9HWOg
Drmsv/IUskZ58i9owpuOgoYm9gT8k5waNB5byG97cO4/XmvQxSpgiWFhtIhQAQ8R
V/VUKdg94hRjPTjmNX+3gNhSVZx+HUxTEnc56+5EKFo8f2auwG5AzvGDFKqxfKWo
wnpkii6kVPKyqk+SYsVnJPl0Nhhh7xwp4vx/IgF8feBzKaMl9idbOfDIvy7snIxA
UqODZka1D3wWKtBGMexxMgWe1NVAoadaM5Mnankh3LyrUG7x1d2nVUhbMEyqlAI4
moSda/axte7Y+2ckSYaR/7ZJvYac6wKBt+VM8kn6W5xfIllSIVWrfS92JfGl4YOB
AjDbvGD6PLBQNnFUxGcNbW742qVUgzkaRLqpMOjcnxwSSxjMHlsyFQpXUdDnZtDK
cc7bRzsR5Fa1Xhv7XJ3HZR3IOziOaH/NaofkfL9gtLXkcxzsxCJE1yw8GaDcICuW
2ySsl52yX2OZVEykw6p7CmSQS1R/bv/pW/XiB3PR7Vp5g+0T1YD7oPaQErDelW93
YRI89NjYKo9rRAKWPOSk4lSB8qPBVIlY+zoq9EuPZrXQPJFlrE8/3pY2JDGxCskt
+j7SpOuPuqIWSlzcn5rsvBGIlLstXeM9hacZikf6yBpkMQuaP9M=
=8ssg
-----END PGP SIGNATURE-----
pgpFvCJ7AH3bs.pgp
Description: PGP signature
--- End Message ---
