Your message dated Mon, 03 Jun 2019 23:49:09 +0000
with message-id <e1hxwhr-00066a...@fasolo.debian.org>
and subject line Bug#929916: fixed in libreswan 3.27-5
has caused the Debian Bug report #929916,
regarding libreswan: CVE-2019-12312
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929916: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929916
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libreswan
Version: 3.27-4
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
Forwarded: https://github.com/libreswan/libreswan/issues/246
Control: fixed -1 3.28-1

Hi,

The following vulnerability was published for libreswan.

CVE-2019-12312[0]:
| In Libreswan before 3.28, an assertion failure can lead to a pluto IKE
| daemon restart. An attacker can trigger a NULL pointer dereference by
| sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode
| to a Libreswan server. This affects send_v2N_spi_response_from_state
| in programs/pluto/ikev2_send.c when built with Network Security
| Services (NSS).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12312
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12312
[1] https://github.com/libreswan/libreswan/issues/246
[2] https://github.com/libreswan/libreswan/commit/7142d2c37d58cf024595a7549f0fb0d3946682f8

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libreswan
Source-Version: 3.27-5

We believe that the bug you reported is fixed in the latest version of
libreswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated libreswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 03 Jun 2019 19:36:16 -0400
Source: libreswan
Architecture: source
Version: 3.27-5
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Closes: 929916
Changes:
 libreswan (3.27-5) unstable; urgency=medium
 .
   * fix CVE-2019-12312 (Closes: #929916)
   * bump Standards-Version to 4.3.0 (no changes needed)


--- End Message ---
