Your message dated Sat, 24 Apr 2021 09:47:07 +0000
with message-id <[email protected]>
and subject line Bug#985088: fixed in freediameter 1.2.1-7+deb10u1
has caused the Debian Bug report #985088,
regarding CVE-2020-6098
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
985088: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985088
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freediameter
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Please see https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
Possible fix:
http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
--- End Message ---
--- Begin Message ---
Source: freediameter
Source-Version: 1.2.1-7+deb10u1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
freediameter, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated freediameter
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 Jul 2020 19:03:02 +0100
Source: freediameter
Binary: freediameter freediameter-extensions freediameter-extensions-dbgsym
freediameterd freediameterd-dbgsym libfdcore6 libfdcore6-dbgsym libfdproto6
libfdproto6-dbgsym libfreediameter-dev
Architecture: source
Version: 1.2.1-7+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Mobcom Maintainers
<[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
freediameter - Implementation of the freeDiameter protocol - metapackage
freediameter-extensions - Extensions for the Diameter protocol
freediameterd - Daemon for the Diameter protocol
libfdcore6 - FreeDiameter - library for the Diameter protocol
libfdproto6 - Library for manipulating Diameter messages and dictionary
libfreediameter-dev - Library for the Diameter protocol (development files)
Closes: 985088
Changes:
freediameter (1.2.1-7+deb10u1) buster; urgency=medium
.
* Team upload
* CVE-2020-6098 (Closes: #985088)
Anybody can send a specially crafted Diameter request, which triggers
a memory corruption and thus results in a denial-of-service.
Checksums-Sha1:
e1ce5dde4dca793e9c39dcbf5ac9e1ade9e03637 2649 freediameter_1.2.1-7+deb10u1.dsc
9ea9797ab25174fc874694c9d59ab72cc4bbb6c0 903662 freediameter_1.2.1.orig.tar.gz
2d5a4c4663a50596b6cfda0807ac7e7fb182431d 10872
freediameter_1.2.1-7+deb10u1.debian.tar.xz
Checksums-Sha256:
e052cafdabc9e083d5451272dd33157e9394d795b6e028da8194b58fe452c7eb 2649
freediameter_1.2.1-7+deb10u1.dsc
b959ecb54b0268906ef0c33fd162f9a756367beb6f89cc77063b651f953b62ed 903662
freediameter_1.2.1.orig.tar.gz
8d87c4b502cf582f9aa7c953259700c489acf87184744280e2a71aa965e8d443 10872
freediameter_1.2.1-7+deb10u1.debian.tar.xz
Files:
49739c278efd63a70f9c650e44563e7b 2649 libs optional
freediameter_1.2.1-7+deb10u1.dsc
2fbdd9f6195e1a7329e1ffb226540bac 903662 libs optional
freediameter_1.2.1.orig.tar.gz
6bc0893a38dbd555190ffb3c4e9bd489 10872 libs optional
freediameter_1.2.1-7+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmB+l4NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2fGD/sEpRxeJawhkM0cd4yZIUlGtP/5HerQ
jqFoUQyLS3+E594qcpXTC6uKqUwOlM21gkPvZlJoHIBNIFxIqLcLJiqyWane1psU
b7lPOgGAAgxpseKJXskVbfrLuMaF9UxMQIH7sAZVYVQNjRe5qSllEXzAQTkr85dF
Xl/Mcvufdw4au3MlKF6O1XJWsx/akRtzvHfUfqfB2NW1wZF8zu5zOfZWaasIdqL5
Jg7NQx0d7EmC+9nH1I957kbjd+2ODQRfobJHYGbqUY5RgaZZKCTQ+U6Ii0vKqK8f
oGHJq+uxFZWIcIbs2jIMps8xrnCr/y9nufGygWfheZW9WfFScScBTGk7lrnRrI8p
CJa2utCvU1PwgoRggdyXdKHAq/sCdrtvRkSs38LYj5b7BPZQ2CBGeBjEAPsfZ1eW
I8SbJbIc4db86DR3V1QT3d+okSIdrmZd45qSpEJaA+iCEyufewGbGiXHLG3i5hz9
NOzNC6kv08W+RETWBVzZ0qgQeMkoaAFfzVPw9l4Rcv+0ezamJ442xRvlj+h9tWqX
ZKcyWUkaZKS2/EHpZ34+n7bxAAfoRalgkwZ0WdkJuu96ykv0INGdrPmJFsbfIEav
AL8vG0qsdDiEgrVf8Jf3y7tPbQpHuvIhTw/1WTebV7c+FlHlD4VGOp2sCcB67CUm
H2bALz4R4EtWfw==
=3GX5
-----END PGP SIGNATURE-----
--- End Message ---