Bug#990748: linuxptp: CVE-2021-3570

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#990748: linuxptp: CVE-2021-3570
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 06 Jul 2021 09:01:23 +0200
Message-id: <[🔎] 162555488366.2391.743226786352981400.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 990748@bugs.debian.org

Source: linuxptp
Version: 3.1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1.9.2-1

Hi,

The following vulnerability was published for linuxptp.

CVE-2021-3570[0]:
| linuxptp: missing length check of forwarded messages

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3570
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3570

Please adjust the affected versions in the BTS as needed.

Note, I did set the severity here straight to RC as I think the fix
should go in bullseye. I can try to help with a NMU if needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: linuxptp: CVE-2021-3570
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Proposed patch/debdiff
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#990748: Proposed patch/debdiff
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#990748: marked as done (linuxptp: CVE-2021-3570)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#990748: marked as done (linuxptp: CVE-2021-3570)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: linuxptp: CVE-2021-3570
Next by Date: Bug#990749: linuxptp: CVE-2021-3571
Previous by thread: Bug#990737: Audacity's new privacy policy may need to be addressed
Next by thread: Processed: linuxptp: CVE-2021-3570
Index(es):
- Date
- Thread