Your message dated Mon, 25 Oct 2021 14:48:39 +0000
with message-id <[email protected]>
and subject line Bug#994790: fixed in hcxtools 6.2.4-1
has caused the Debian Bug report #994790,
regarding hcxtools: CVE-2021-32286
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
994790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994790
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: hcxtools
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for hcxtools.
CVE-2021-32286[0]:
| An issue was discovered in hcxtools through 6.1.6. A global-buffer-
| overflow exists in the function pcapngoptionwalk located in
| hcxpcapngtool.c. It allows an attacker to cause code Execution.
https://github.com/ZerBea/hcxtools/issues/155
https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-32286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32286
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: hcxtools
Source-Version: 6.2.4-1
Done: Paulo Roberto Alves de Oliveira (aka kretcheu) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
hcxtools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paulo Roberto Alves de Oliveira (aka kretcheu) <[email protected]> (supplier
of updated hcxtools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Oct 2021 16:09:00 -0300
Source: hcxtools
Architecture: source
Version: 6.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Paulo Roberto Alves de Oliveira (aka kretcheu) <[email protected]>
Closes: 974484 994790
Changes:
hcxtools (6.2.4-1) unstable; urgency=medium
.
[ Ulises Vitulli ]
* Use Salsa-CI template
.
[ Paulo Roberto Alves de Oliveira (aka kretcheu) ]
* New upstream version 6.2.4.
* Fixed CVE-2021-32286 global-buffer-overflow (Closes: #994790)
* Using new DH level format. Consequently:
- debian/compat: removed.
- debian/control: changed from 'debhelper' to 'debhelper-compat' in
Build-Depends field and bumped level to 13.
* debian/control:
- Added 'Rules-Requires-Root: no' to source stanza.
- Bumped Standards-Version to 4.6.0.1.
- Fixed uploader name.
- Added new build dependencies (openssl, pkg-config).
- Changed ieee-data arch dependency to all.
- Changed maintainer to team+pkg-security
and put myself and Ulises as uploader.
* debian/copyright:
- Updated packaging copyright years.
- Included kretcheu.
* debian/hcxtools.lintian-overrides: updated and fixed spell errors.
* debian/patches/:
- Added 01-fix-spell-errors.patch: fix spell errors.
- Added 02-fix-cross-build.patch to solve cross build error.
* debian/rules:
- Removed '-Wl,--as-needed' not required now.
- Fixed string that generate manpage.
* debian/watch: updated watch file.
* debian/tests/:
- Added superficial restriction. (Closes: #974484).
- Included tests for all binaries.
* Added upstream metadata file.
* Added upstream signing key.
Checksums-Sha1:
d64171690da7aea66258e6617ce23a00f6063622 2101 hcxtools_6.2.4-1.dsc
2548f5078133cf150e1e2d6237e2600992f8b868 147077 hcxtools_6.2.4.orig.tar.gz
b2b3fcab0ef13b5f0d7a62b72ba4d55d697d7bd3 5676 hcxtools_6.2.4-1.debian.tar.xz
c234e7857bbf4088a4a951b5377abb1249a32155 6853 hcxtools_6.2.4-1_amd64.buildinfo
Checksums-Sha256:
28fa8b2eefc41eab36af9f5d0f7df40ebb75374f02dc209b7cd560c3c5a16ad0 2101
hcxtools_6.2.4-1.dsc
74299313dd15ed38f07b42201903ab85ebbc3ad220a01fff1bd5c967cfea817d 147077
hcxtools_6.2.4.orig.tar.gz
952262adb321f81dd3b2f6c1fc690a39382ee1145e98aa3f359c10af2bf8e203 5676
hcxtools_6.2.4-1.debian.tar.xz
c10eb5676f430c56325002d1e658d7f3eeb0b21513987391d9d79c5453eb3110 6853
hcxtools_6.2.4-1_amd64.buildinfo
Files:
dbcdd1385785bd405050fb8cd8fa5908 2101 net optional hcxtools_6.2.4-1.dsc
41aa9bc1a51b23091912188751b6086a 147077 net optional hcxtools_6.2.4.orig.tar.gz
6194e88c239920c030122ef227b5cf06 5676 net optional
hcxtools_6.2.4-1.debian.tar.xz
9487a4b12f973692003c99df9927ee44 6853 net optional
hcxtools_6.2.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmF2wDAACgkQu6n6rcz7
RwfelQ/5AY9LKnUGC4eGQKgcLIokjGS3FA3UQQIuHTUiaf+7+a++nfpMrJm+k/i8
PH8KIA6bGWLiwXHuLf+/DmBoxRWGUxWEh650fwNbwOZNlIvPLglq7GZKkKhIEdil
9iRhP1sOWHorj1jOSur1VLwG7y7hBymCmeRr1R/3+8E8qCmSBPJZUvlYNssRTK/E
1kIB/bbEgTmpin6s02HK5C8HmEAKYZBkd1QPM+nl3zYSBMBB67eklCrwNgnVsZc/
4TF45omIaaBVv/t1JyN4Xgs7ISczmEP7V7KfIoGixAabnTRWGsXd5hmNvQ9Wm8eo
RQzli43mGicHsodMAtbRnUro/joH+CMGsY7upfJiTEYJt2/Brnj/OGtjTVz8WQG9
CltIAx0/xJ1vDFNEsa4sP/CHoVbOoQyUSGfZh6/+nj/y7TQ3zksHOAeVfvwy9Xj0
F2215vurE+0PHEdoxTDBgeRVnxurxVQWzUUBxRWBH8YHUL2Uc5KiF0sE84ef+Les
/Rw6wdJ5oO5zRp9lNdCTpB31S2tZBWToh58U8JbWnyDE3QCrq4cNSUGLGbyI6Tq1
L0JO2Vtx3KwbFa8OMRVqjNpq5Y4Gl+HaCIOusk+cMJU1Bt/M0ES1TWgKXj5Ql1tG
cXYxnBL3OwM0fd4DpeAkncUmEODpZssCPTofO4xXddJAn+jLhMU=
=VQ4r
-----END PGP SIGNATURE-----
--- End Message ---