Bug#980132: marked as done (openvswitch: CVE-2020-27827)

Thu, 14 Jan 2021 23:36:15 -0800 

Your message dated Fri, 15 Jan 2021 07:33:35 +0000
with message-id <[email protected]>
and subject line Bug#980132: fixed in openvswitch 
2.15.0~git20210104.def6eb1ea+dfsg1-4
has caused the Debian Bug report #980132,
regarding openvswitch: CVE-2020-27827
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
980132: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: openvswitch
Version: 2.15.0~git20210104.def6eb1ea+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2
Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12

Hi,

The following vulnerability was published for openvswitch.

CVE-2020-27827[0]:
| lldp: avoid memory leak from bad packets

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-27827
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827
[1] https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
[2] 
https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: openvswitch
Source-Version: 2.15.0~git20210104.def6eb1ea+dfsg1-4
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated openvswitch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Jan 2021 08:10:49 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0~git20210104.def6eb1ea+dfsg1-4
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 980132
Changes:
 openvswitch (2.15.0~git20210104.def6eb1ea+dfsg1-4) unstable; urgency=high
 .
   * CVE-2020-27827: denial of service attacks in which crafted LLDP packets
     could cause memory to be lost when allocating data to handle specific
     optional TLVs. Applied upstream patch: lldp: do not leak memory on multiple
     instances of TLVs (Closes: #980132).
Checksums-Sha1:
 e33b619719cf56c41a03c1e766c19e1deaef062f 3316 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.dsc
 e308d11989329b67edab9aa869f5638ec5f665c2 51812 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.debian.tar.xz
 e475261b8146323dd8c5bd854ae453cd523d6f66 20149 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4_amd64.buildinfo
Checksums-Sha256:
 489bdd6986556f695b83a613f4c68b7eff5bf7b7c3f6e8055d18a735eb206065 3316 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.dsc
 0a3ca785405097595c3eb9cd9dd02d80a41c3250b7413665b633fbc7888ea13f 51812 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.debian.tar.xz
 baf4c9940d0978c681bbd97616bdb029fc81f3e7c8beedb44364684a5dd7fb8f 20149 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4_amd64.buildinfo
Files:
 8b5ef8b5ed85c223fd70270ec030b779 3316 net optional 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.dsc
 b034af24d3ec42c0abb836dd45babd27 51812 net optional 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4.debian.tar.xz
 3b58fac1f3d852458682b0431bbcbe3f 20149 net optional 
openvswitch_2.15.0~git20210104.def6eb1ea+dfsg1-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmABQoYACgkQ1BatFaxr
Q/5ONQ/8CsqAkytviEIoJM54JKfzCuCQwEJ6EZL+Js4kIsFMs5e3m66MEPb0JHIR
VlxD2ID8wOaYW1mw8HMWThjW9kvssZcduIgl3ayl7amh/DbyVC8xAFDADwmO8B2L
JzTFfh/JtnKqkZpAajBMvkPZ5sL7NKMIdmg2jKVCYpIP2TTwNLk3D9AOFIaTHYRz
YEAeLzp2JiQlokQCYBpwbg2gla7EvuuY4YyDb5nFMfwG4G8p6ajCFLtxJNbgatAN
/DTHLsNiUHT8xqCFxD8KmDq5Zz26ZVBEm9vn56xYHKIvkOf/EbzND2bwsa9UoCf9
QgKtq0cIF/MFacud/WQg9ObydvCCWN0VjiIwwvDnmyihmqhQeDdyIVkD2c/vnFud
CbgdHhQSltNNrj0/XY/6v7GgJv0dYmDcuRnr6IcxBOsPKk1xKuMptvT7jn0wM3Xi
c84ktEDP8fny4n8iY/9zPnPf7VC2Qaj8eNrcMkraVQCb1jmKEBTOMaZUjKyGu5Wn
OqqLmHb7NvHV86QvF3F05VTeqqaSK4ldSLMYQtWXm4jxfQOt+oFWzQ0u62L1Sw40
hohEyvxnsTjSFWbpQoqQ921xtf0eAP6cjKQ3ANoHA1K+ArHcTb9OzxR8pCRXHg2D
hLPNyX6utAh3lFgKxoGgUJii9ILH8uF/uEKFBSfch8cYM8UzAto=
=2GQX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to