Bug#867718: CVE-2017-11108

2017-08-27 Thread Salvatore Bonaccorso
Hi Romain,

On Sat, Aug 26, 2017 at 10:20:30PM +0200, Romain Francoise wrote:
> Hi,
>
> On Wed, Jul 26, 2017 at 03:27:05PM +0300, Henri Salo wrote:
> > These are only issues when using older versions of libpcap. This has
> > been verified by me and ack'd by the researcher. For example this
> >

Bug#867718: CVE-2017-11108

2017-08-26 Thread Romain Francoise
Hi,

On Wed, Jul 26, 2017 at 03:27:05PM +0300, Henri Salo wrote:
> These are only issues when using older versions of libpcap. This has
> been verified by me and ack'd by the researcher. For example this
> setup was not affected:
>
> tcpdump version 4.10.0-PRE-GIT_2017_07_24
> libpcap version

Bug#867718: CVE-2017-11108

2017-07-26 Thread Henri Salo
On Wed, Jul 26, 2017 at 01:17:47PM +0200, Moritz Muehlenhoff wrote:
> That particular CVE ID is no-dsa by itself, but there's been
> new issues reported (not yet in the BTS, also not sure whether upstream
> has acted on those):
>
> https://security-tracker.debian.org/tracker/CVE-2017-11541
>

Bug#867718: CVE-2017-11108

2017-07-26 Thread Moritz Muehlenhoff
On Wed, Jul 26, 2017 at 12:46:11PM +0200, Romain Francoise wrote:
> On Sun, Jul 23, 2017 at 03:05:40PM +0200, Salvatore Bonaccorso wrote:
> > This issue has been fixed upstream in 4.9.1, according to
> > http://www.tcpdump.org/tcpdump-changes.txt
>
> Yes, thanks, I will upload to unstable

Bug#867718: CVE-2017-11108

2017-07-26 Thread Romain Francoise
On Sun, Jul 23, 2017 at 03:05:40PM +0200, Salvatore Bonaccorso wrote:
> This issue has been fixed upstream in 4.9.1, according to
> http://www.tcpdump.org/tcpdump-changes.txt

Yes, thanks, I will upload to unstable shortly. If this is still no-dsa, I will try to get it fixed in stable via s-p-u.

Bug#867718: CVE-2017-11108

2017-07-23 Thread Salvatore Bonaccorso
Control: tags -1 + fixed-upstream

This issue has been fixed upstream in 4.9.1, according to
http://www.tcpdump.org/tcpdump-changes.txt

Regards, Salvatore

Bug#867718: CVE-2017-11108

2017-07-20 Thread Romain Francoise
On Thu, Jul 20, 2017 at 10:27:44AM -0400, Antoine Beaupré wrote:
> Opened an issue upstream, as recommended by the RedHat security
> folks. Also sent a pull request for the fix:
>
> https://github.com/the-tcpdump-group/tcpdump/pull/617

It's likely that this was wasted effort--tcpdump is the token

Bug#867718: CVE-2017-11108

2017-07-20 Thread Antoine Beaupré
Control: forwarded -1 https://github.com/the-tcpdump-group/tcpdump/issues/616
Control: tags -1 +patch

Opened an issue upstream, as recommended by the RedHat security folks. Also sent a pull request for the fix:

https://github.com/the-tcpdump-group/tcpdump/pull/617

I'll sit on this one until we

Bug#867718: CVE-2017-11108

2017-07-19 Thread Antoine Beaupre
For what it's worth, I can reproduce this in stretch by rebuilding with ASAN (-lasan -fsanitize=address -fno-omit-frame-pointer). I can also reproduce this in wheezy by running it in valgrind:

$ valgrind /usr/sbin/tcpdump -ntr poc
==26648== Memcheck, a memory error detector
==26648== Copyright

Bug#867718: CVE-2017-11108

2017-07-08 Thread Moritz Muehlenhoff
Package: tcpdump
Severity: important
Tags: security

This was assigned CVE-2017-11108:
https://bugzilla.redhat.com/show_bug.cgi?id=1468504

Cheers, Moritz