Your message dated Tue, 21 May 2024 08:34:31 +0000 with message-id <e1s9kx5-008cjx...@fasolo.debian.org> and subject line Bug#1071248: fixed in crowdsec-firewall-bouncer 0.0.25-4 has caused the Debian Bug report #1071248, regarding crowdsec-firewall-bouncer: blocks wrong IPv4 and IPv6 addresses on LE systems (reversed byte order) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071248: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071248 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: crowdsec-firewall-bouncer Version: 0.0.25-3 Severity: grave Tags: patch security Justification: renders package unusable X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>, debian.pack...@crowdsec.net Hi, This is the bouncer side of #1071247: golang-github-google-nftables up to version 0.1.0-3 ships a broken AddSet() function, which results in IPv4 and IPv6 addresses to be in reverse byte order at the nftables level on LE systems (i.e. all release architectures but s930x). This issue was confirmed to go away on LE systems once the bouncer gets rebuilt against a fixed golang-github-google-nftables-dev package, and not to regress on BE systems. Grave looks warranted as the package doesn't fulfill its purposes (blocking suspicious addresses), giving a false sense of security… while also blocking potentially harmless addresses. Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
--- End Message ---
--- Begin Message ---Source: crowdsec-firewall-bouncer Source-Version: 0.0.25-4 Done: Cyril Brulebois <cy...@debamax.com> We believe that the bug you reported is fixed in the latest version of crowdsec-firewall-bouncer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1071...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cyril Brulebois <cy...@debamax.com> (supplier of updated crowdsec-firewall-bouncer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 May 2024 10:15:36 +0200 Source: crowdsec-firewall-bouncer Architecture: source Version: 0.0.25-4 Distribution: unstable Urgency: high Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> Changed-By: Cyril Brulebois <cy...@debamax.com> Closes: 1071248 Changes: crowdsec-firewall-bouncer (0.0.25-4) unstable; urgency=high . * Set minimal version for the golang-github-google-nftables-dev build dependency to ensure a working AddSet() function, i.e. no longer reversing byte order for IPv4 and IPv6 addresses at the nftables level on little-endian architectures (Closes: #1071248, See: #1071247). Checksums-Sha1: e11fc3a45ceba91dec4bee14bb5cb35ea2c2e9b9 2602 crowdsec-firewall-bouncer_0.0.25-4.dsc 2051792153b25422adc11b215f101099220e4b7d 7600 crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz 112a3fd19cbef6c22021576738ca770d99d75d08 27724 crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo Checksums-Sha256: 6ffb351d70d0ce06d8426618605979f878eb6b57207200d973f12eca01c22146 2602 crowdsec-firewall-bouncer_0.0.25-4.dsc 2c67ecd6d6c60ecbf1f26448c92874e300c5a8806ebb3d729a78774520bbd0dc 7600 crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz 1534cb45c8a10c0280a432eb165779582461f5ce169040c6b7db8832500ed6ed 27724 crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo Files: ceb9df4ce30324299a3a625d89b766f9 2602 golang optional crowdsec-firewall-bouncer_0.0.25-4.dsc e25937243bdbfa6acba76a2a13ae7ac3 7600 golang optional crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz fb137f0b883404ee62443c9fd550d478 27724 golang optional crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmZMWkwQHGtpYmlAZGVi aWFuLm9yZwAKCRD/kUrwwrNVIDtRD/0f5JiMwEMwiDMIEm7GBCboGRCjI+tfCJ+g 5QUW46uRzEq6HlP+s1EbKuR3P5/qTmFEDYZs+7VFvBqaCw/qTUT5719XWVSw64YP raSGEvuj53TSJeWjdSwKp+atvJx22kywGsvrboYqmTsn5Hrye5KwRorgg0lMg/Yk mtm7grDTzh56l1CqmAMkGE6JFCazbvdlZ/dshqThaNwgACn0P6Khyu7ZfoGYQ1qK 9TnVDHfFX3gm5ipJTRUMFhZ+gk3OahrRwtN2tHKjPsqdXj/qkZ2piSaK3CR+pbFL pCqx00ApUzGiLpp7+/IkIDczWobm9fVLlp4mRiy5kFtDWq50Da0CIM9VnrHr3SMo IsucocHpc5IvMrkmVT9ovR76FIk1NEfZ6M3mv/q/AnMjnc5jHCgPjbkgDu7nrFAd WpZDfrAuoF+49+kQOxNFOX9F4MKQtGmWGZRTFclEkZ3h3A0RD6QfdO71PdD1ukXd sfSdeFFrdbuxobXWjEqjWm6OyWnwGW8iqr37oYINkbpSg7/1jvWvvn4cO93sY7Jw PmuMaWR1KHgW2GQABzKj5fsB3WWA0SHpiwtoMhLcUcatl8vOcq+tAqLmMI4ww+VI FtsgA4W+T90pDtxM5bU1Nk5SWmuN45sxIBF0MjiHiG0YHy5AgB+gzZIs6Sz0SHQj bfnyeXIM5w== =6vnZ -----END PGP SIGNATURE-----pgp6Q17mYQno9.pgp
Description: PGP signature
--- End Message ---