Your message dated Mon, 16 Jan 2023 21:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1027273: fixed in openvswitch 2.15.0+ds1-2+deb11u2
has caused the Debian Bug report #1027273,
regarding openvswitch: CVE-2022-4337 CVE-2022-4338
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1027273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027273
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openvswitch
Version: 3.1.0~git20221212.739bcf2-3
Severity: grave
Tags: security upstream
Forwarded: https://github.com/openvswitch/ovs/pull/405
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for openvswitch.

Filing as RC to make sure the fix can reach bookworm release.

CVE-2022-4337[0]:
| Out-of-Bounds Read in Organization Specific TLV

CVE-2022-4338[1]:
| Integer Underflow in Organization Specific TLV

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-4337
    https://www.cve.org/CVERecord?id=CVE-2022-4337
[1] https://security-tracker.debian.org/tracker/CVE-2022-4338
    https://www.cve.org/CVERecord?id=CVE-2022-4338
[2] https://github.com/openvswitch/ovs/pull/405
[3] https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
[4] https://www.openwall.com/lists/oss-security/2022/12/20/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 2.15.0+ds1-2+deb11u2
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated openvswitch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 03 Oct 2022 12:59:27 +0200
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1027273
Changes:
 openvswitch (2.15.0+ds1-2+deb11u2) bullseye-security; urgency=medium
 .
   * Fix ovs-dpctl-top by removing 3 wrong hunks in py3-compat.patch.
   * CVE-2022-4337 & CVE-2022-4338: Out-of-Bounds Read and Integer Underflow in
     Organization Specific TLV. Added upstream patches (Closes: #1027273).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
