Your message dated Thu, 18 Dec 2014 10:03:59 +0000
with message-id <[email protected]>
and subject line Bug#773416: fixed in ettercap 1:0.8.1-3
has caused the Debian Bug report #773416,
regarding ettercap: CVE-2014-6395 CVE-2014-6396 CVE-2014-9376 CVE-2014-9377
CVE-2014-9378 CVE-2014-9379 CVE-2014-9380 CVE-2014-9381
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ettercap
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
for details and patches.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ettercap
Source-Version: 1:0.8.1-3
We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Barak A. Pearlmutter <[email protected]> (supplier of updated ettercap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 18 Dec 2014 09:07:40 +0000
Source: ettercap
Binary: ettercap-common ettercap-text-only ettercap-graphical ettercap-dbg
Architecture: source amd64
Version: 1:0.8.1-3
Distribution: unstable
Urgency: high
Maintainer: Barak A. Pearlmutter <[email protected]>
Changed-By: Barak A. Pearlmutter <[email protected]>
Description:
ettercap-common - Multipurpose sniffer/interceptor/logger for switched LAN
ettercap-dbg - Debug symbols for Ettercap
ettercap-graphical - Ettercap GUI-enabled executable
ettercap-text-only - Ettercap console-mode executable
Closes: 773416
Changes:
ettercap (1:0.8.1-3) unstable; urgency=high
.
* Patch a bunch of security vulnerabilities (closes: #773416)
- CVE-2014-6395 (Length Parameter Inconsistency)
- CVE-2014-6396 (Arbitrary write)
- CVE-2014-9376 (Negative index/underflow)
- CVE-2014-9377 (Heap overflow)
- CVE-2014-9378 (Unchecked return value)
- CVE-2014-9379 (Incorrect cast)
- CVE-2014-9380 (Buffer over-read)
- CVE-2014-9381 (Signedness error)
See:
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
Patches taken from repo CVE-patch, URL
git://github.com/NickSampanis/ettercap.git
- 88804bd3a900d273215855f7c567ec891d31e547 CVE-patch/589
- 103f16582ee88341a6a610378011781cdc866b0c CVE-patch/602
- 3f0c582826095c722ab6fbf91518282a765a0b68 CVE-patch/603
- cb7b2028dc03c628aa0a1a5130ca41421ddebcb2 CVE-patch/604
- edd337d5d4f37ab8e330c5e067344dd5b3f10435 CVE-patch/605
- 37dcfdf79e1ac6dcacd565894cd7717aa0224164 CVE-patch/606
- c2a3c99af956146570d7883e4b540b9d0c0a3c46 CVE-patch/607
- 6b196e011fa456499ed4650a360961a2f1323818 CVE-patch/608
- afe7061948e85f0a0fd417d5e4c681bfaf212f42 CVE-patch/609
- 9e9fdc7ed1ee8eba01a5a05e000b6c55d2a70923 CVE-patch/610
Thanks to Nick Sampanis <[email protected]> who is responsible for
both finding and repairing these issues.
Checksums-Sha1:
035c4a4d0d7f99f7d103556564b3e48cc8812d19 2419 ettercap_0.8.1-3.dsc
782debc9af21f2c5ac2a84ae8da8629317060ea0 14088 ettercap_0.8.1-3.debian.tar.xz
36bd7b3b49d603b98013f53b1f1d272abdf316f3 566846
ettercap-common_0.8.1-3_amd64.deb
5a370b4b6d994280b0597bc07abd330e5bf4f03d 51572
ettercap-text-only_0.8.1-3_amd64.deb
43e7ed90bc49ee7bb97a49568bfe63c2a60856cc 176376
ettercap-graphical_0.8.1-3_amd64.deb
417983706125e17f686704925c34507bcaffc239 1544636 ettercap-dbg_0.8.1-3_amd64.deb
Checksums-Sha256:
cf7c4cd9ed1046146a030e1544b8452ad25012ffc001eec9e5d6204298fec44f 2419
ettercap_0.8.1-3.dsc
da47bba88577bca989d8a229c9aec16591815e3c1b4f39194ca95357347d100c 14088
ettercap_0.8.1-3.debian.tar.xz
e79d7e241d95725db03609781cb356795c59f2e04e7ad02861e300b2a134ae1d 566846
ettercap-common_0.8.1-3_amd64.deb
30c4dcb1c392e3aa823741f5da867ce0d71919a73863f2cc65e9e241e1e53a97 51572
ettercap-text-only_0.8.1-3_amd64.deb
8f000c9521ce1ac186460032e6eadacb8780abe9f6b434edd95292a85d91deb2 176376
ettercap-graphical_0.8.1-3_amd64.deb
3a83291c7536518c5d5edf5e6e952dbc219c95c97b7ea66fac51fbf67f6472c2 1544636
ettercap-dbg_0.8.1-3_amd64.deb
Files:
85be940f45d0b00cefce43e268c1eeb7 2419 net optional ettercap_0.8.1-3.dsc
0537d1f72670709cd021abedd9f02117 14088 net optional
ettercap_0.8.1-3.debian.tar.xz
f1c33f2bdf393d2916223bfca97b7480 566846 net optional
ettercap-common_0.8.1-3_amd64.deb
e8570bbd11555244e7222de23802446a 51572 net optional
ettercap-text-only_0.8.1-3_amd64.deb
724c66bfbbfbd08fab3b9e04a385bb8e 176376 net optional
ettercap-graphical_0.8.1-3_amd64.deb
112aa7ea7bec86c565b165bbb7e42d6b 1544636 debug extra
ettercap-dbg_0.8.1-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUkpyaAAoJEBJbV0deGQ0YbgUP+wQONIe158mXbGduJZBytPNk
kP5Ehaa53gKUao69C4CRaHmXY/0XJFpP1cB6vT7ClE+3HUjFaRj4CJ9NDFVPDaAZ
DyW8pY3pqwDsdR88lTefep7iqJOAiSFpmNBboTyqSIBBtdgxyD0v6eVmQWwSzILT
E9jRM+qdJgEyoaoOvCWaH4eiuRMd71Jj5D6RDuUnTd98KzXSGo7Bpv/qqVv5Tfqp
QM21UVsDu2mlmV7/5d32/ZpggmoCTawrWBfIFro86Y+XwHgXWEq70Iy4RPkaGtPb
ABLuB75mMkX1jaUYYq83xa24dUWnhvHh5jvUh87359EgJKOlN0ti8MsTT3Yx2llQ
8w7rFC0GrPM4cltIIZrezch0+47p8p3sPxAE1WSA9si3YX0hiWPlUg2NcIuV1eGR
O0J+7EfZFDe+TENPK+DNMFlUftZKuShHGKuePBfoSOA8LX0anfG183EnkLe9aNAP
itzVt94Bv+PkaJynwJUxoAAG2UZba6+J3DHBAsy+5oiHwWZlNgD1bbQt3AfzeuP4
zlTi6/HDHem+Wjx1P3KmNlgrW+K13f9y4OuGcEXNz9lKpRTfymbxwFTqCW32XGU7
ROp0JuzsQiSrDI33OijKvdWlS4oJv9HoLGkXJtZKQxYMVwQPrOgNXGaL43I9Avyp
t8E7GdF8+BD2g56S3aWi
=sGom
-----END PGP SIGNATURE-----
--- End Message ---
