Bug#827116: marked as done (iperf3: CVE-2016-4303: JSON parsing vulnerability)

[Debian Bug Tracking System]

Your message dated Wed, 22 Jun 2016 22:24:30 +0000
with message-id <e1bfqzs-00043w...@franck.debian.org>
and subject line Bug#827116: fixed in iperf3 3.1.3-1
has caused the Debian Bug report #827116,
regarding iperf3: CVE-2016-4303: JSON parsing vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827116
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: iperf3
Version: 3.0.7-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for iperf3.

CVE-2016-4303[0]:
JSON parsing vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4303
[1] 
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: iperf3
Source-Version: 3.1.3-1

We believe that the bug you reported is fixed in the latest version of
iperf3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raoul Gunnar Borenius <boren...@dfn.de> (supplier of updated iperf3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Jun 2016 17:01:13 +0200
Source: iperf3
Binary: iperf3 libiperf0 libiperf-dev
Architecture: source
Version: 3.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Raoul Gunnar Borenius <boren...@dfn.de>
Changed-By: Raoul Gunnar Borenius <boren...@dfn.de>
Description:
 iperf3     - Internet Protocol bandwidth measuring tool
 libiperf-dev - Internet Protocol bandwidth measuring tool (development files)
 libiperf0  - Internet Protocol bandwidth measuring tool (runtime files)
Closes: 827116
Changes:
 iperf3 (3.1.3-1) unstable; urgency=medium
 .
   * new upstream version which fixes CVE-2016-4303 (Closes: #827116)
   * enabled hardening flags
   * bumped standards version to 3.9.8
Checksums-Sha1:
 106d5271f887e41ad091ce2244ec1914591e050a 1797 iperf3_3.1.3-1.dsc
 04fdab968f7c20fe5410fb5e1c88b18b1c5ac29a 546899 iperf3_3.1.3.orig.tar.gz
 0088a874371e0a3409a8d0dfd498ac0372c6b117 4276 iperf3_3.1.3-1.debian.tar.xz
Checksums-Sha256:
 9b3fa476200bdac4ede98dbeeb469ef3fceecf0174ea9eeb553e4bfbc05bf262 1797 
iperf3_3.1.3-1.dsc
 60d8db69b1d74a64d78566c2317c373a85fef691b8d277737ee5d29f448595bf 546899 
iperf3_3.1.3.orig.tar.gz
 cb506206a77caab6c746b65b38528af07c4ec21d9cedbe17b9bb2ffbdf645076 4276 
iperf3_3.1.3-1.debian.tar.xz
Files:
 76225b0b0aa27b4cea361c7282f40764 1797 net optional iperf3_3.1.3-1.dsc
 3fb849c24a2370af60687cf673b67bc7 546899 net optional iperf3_3.1.3.orig.tar.gz
 1eab2db9936b956d021abb4d7b0533e0 4276 net optional iperf3_3.1.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXawicAAoJED0Hh6qvbGHdAy8QAKwpTRlD1GDiY/4/XH1oNdnV
DD6ynhD4nvzpxZTaT13dX0MN5ZuN1kK+VTdBojZ367UPzO2yCYr2RFuQpmK5NTBn
N2OgVSs4rc3AILACyG9tlgsFSJuhF4Mg4HWgDkzqGV5RBLFSlBtE8XHCjNzjnwJx
Cb+s9MLNaOTYofetgGwMrrJmsFf7OMnEYEYld9agX5AVLY31pjtSRhkS1/jg7vaI
0dHmOjmJs6xiu2RmvYV16TM12Oh+VYS+lvlTMEjgiVKN63b1I0a2pXu3HwSE4uVn
5MPTmsUR4LdztotqpL8pXhE6zIGSubsctPHUrjPfPFqzUg/pfU6+uFkrojEwrwX4
Xj7Ba0MaGim66a6rla0qqQ6A1ploGmppGrOuMT9bIzPyFUj9MxCmMT7jNiTgQoCs
Qv97aPghtatwk5tzDb3MopzWRC/Cy1GCH6TfuNXRO7Qgv8tlkZgUD9gpHmPDb0q1
87kg4mBSsN9i0hkgLFHe0h9bn0XcW818K8BNeGf24q+h8mv8Y69JNF6qvCbrF/vB
rMjSFfqPzS1gF4D4KjRezMGEYxxHJH5ltFxfLEp68pbKM1yR9gsaZJ9rfkRFtwgZ
XPdzi8wk9JSg67qzfA3clVs1qI0ui/llaRfBPNXlBhascstGTANUWEwVlMpTwZS1
/VJu7dkkieicmfXmTt2Z
=HcD/
-----END PGP SIGNATURE-----

--- End Message ---