Your message dated Fri, 03 Sep 2021 11:00:10 +0000
with message-id <[email protected]>
and subject line Bug#990528: fixed in ndpi 4.0-1
has caused the Debian Bug report #990528,
regarding ndpi: CVE-2021-36082
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990528: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990528
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ndpi
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ndpi.
CVE-2021-36082[0]:
| ntop nDPI 3.4 has a stack-based buffer overflow in
| processClientServerHello.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-36082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36082
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: ndpi
Source-Version: 4.0-1
Done: Gianfranco Costamagna <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ndpi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated ndpi
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Aug 2021 14:04:41 +0200
Source: ndpi
Binary: libndpi-bin libndpi-bin-dbgsym libndpi-dev libndpi-wireshark libndpi4.0 libndpi4.0-dbgsym
Architecture: source amd64
Version: 4.0-1
Distribution: unstable
Urgency: medium
Maintainer: Ludovico Cavedon <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Description:
libndpi-bin - extensible deep packet inspection library - ndpiReader
libndpi-dev - extensible deep packet inspection library - development files
libndpi-wireshark - extensible deep packet inspection library - wireshark dissector
libndpi4.0 - extensible deep packet inspection library - shared library
Closes: 990528
Changes:
ndpi (4.0-1) unstable; urgency=medium
.
* New upstream version 4.0
- CVE-2021-36082 Closes: #990528
* Refresh patches
* bump soname from 3.4 to 4.0 and refresh symbols
* update copyright file
* add patch to force usage of system uthash
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---