Your message dated Sat, 06 Sep 2025 12:14:57 +0100
with message-id
<165032e5317517556dd7fd8cf24843112a3fb6ac.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 13.1
has caused the Debian Bug report #1112196,
regarding trixie-pu: package iperf3/3.18-2+deb13u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1112196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112196
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:iperf3
User: [email protected]
Usertags: pu
Hi,
I'm iperf3 maintainer and there are two CVE fixed upstream. Version
3.19.1-1 with the fix is already in unstable and testing, and Adrian Bunk
uploaded the fix for bullseye a few days ago.
I am using my personal email, I am still having problems sending mail from
[email protected].
This is the fix for trixie. I have been emailing with Salvatore Bonaccorso
and both agree that DSA are not needed for these issues and the package can
go with the next trixie point release.
Details below, and debdiff attached. I will wait for your
instructions before doing the upload.
Debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110376
CVE-2025-54349
| In iperf before 3.19.1, iperf_auth.c has an off-by-one error and
| resultant heap-based buffer overflow.
https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66
patch:
https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66.patch
This patch fails to apply but it is easy to do it by hand.
CVE-2025-54350
| In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion
| failure and application exit upon a malformed authentication
| attempt.
https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1
patch:
https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1.patch
This one applies with offset warnings.
Regards,
--
Roberto Lumbreras
Debian Developer
[email protected]
iperf3-trixie.debdiff
Description: Binary data
iperf3-trixie.debdiff.asc
Description: Binary data
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.1
Hi,
Each of the updates referenced by these requests was included in
today's 13.1 point release for trixie.
Regards,
Adam
--- End Message ---
