Your message dated Thu, 9 Dec 2021 23:14:30 +0100
with message-id <[email protected]>
and subject line Closing 991301
has caused the Debian Bug report #991301,
regarding syncthing-relaysrv: Security issue due to CVE-2021-21404 for all
versions <1.15.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991301: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991301
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: syncthing-relaysrv
Version: <1.15.0
Severity: normal
Tags: newcomer
Dear Maintainer,
This is a copy of the text from CVE-2021-21404 because I cannot see that the
problem is already fixed in downstream versions:
Syncthing is a continuous file synchronization program. In Syncthing before
version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit
by sending a relay message with a negative length field. Similarly, Syncthing
itself can crash for the same reason if given a malformed message from a
malicious relay server when attempting to join the relay. Relay joins are
essentially random (from a subset of low latency relays) and Syncthing will by
default restart when crashing, at which point it's likely to pick another
non-malicious relay. This flaw is fixed in version 1.15.0.
It is not installed on my system, but as a relevant security issue it should be
fixed in all versions.
--- End Message ---
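
The failure mode in the CVE text quoted above, as an added example that is not part of the original thread and is not Syncthing's code: a Go length-prefixed reader that trusts a signed length field panics on a negative value, while a range check before allocating turns the same input into an ordinary error. The frame layout, `maxPayload` and the function names are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Hypothetical frame (not Syncthing's wire format): big-endian int32 length, then payload.
const maxPayload = 1024 // assumed upper bound for this example
var errBadLength = errors.New("length field out of range")

// readUnchecked trusts the length field; make() panics on a negative value.
func readUnchecked(r io.Reader) (payload []byte, err error) {
	defer func() { // recovered only so the demo can continue; unrecovered, the process exits
		if p := recover(); p != nil {
			err = fmt.Errorf("panic: %v", p)
		}
	}()
	var n int32
	if err = binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, err
	}
	payload = make([]byte, n)
	_, err = io.ReadFull(r, payload)
	return payload, err
}

// readChecked rejects negative and oversized lengths before allocating.
func readChecked(r io.Reader) ([]byte, error) {
	var n int32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, err
	}
	if n < 0 || n > maxPayload {
		return nil, fmt.Errorf("%w: %d", errBadLength, n)
	}
	payload := make([]byte, n)
	_, err := io.ReadFull(r, payload)
	return payload, err
}

func main() {
	bad := []byte{0xff, 0xff, 0xff, 0xff} // constructed frame: length = -1
	_, e1 := readUnchecked(bytes.NewReader(bad))
	_, e2 := readChecked(bytes.NewReader(bad))
	fmt.Printf("unchecked: %v\nchecked:   %v\n", e1, e2)
}
```
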
--- Begin Message ---
Hello,
I'm closing #991301 since it has already been dealt with
by the security team. See [1] and [2] for more details.
Cheers,
[1]: https://security-tracker.debian.org/tracker/CVE-2021-21404
[2]: https://bugs.debian.org/986593
--
Aloïs Micard <[email protected]>
GPG: DA4A A436 9BFA E299 67CD E85B F733 E871 0859 FCD2
--- End Message ---