Bug#990748: marked as done (linuxptp: CVE-2021-3570)

To: Salvatore Bonaccorso <carnil@debian.org>
Subject: Bug#990748: marked as done (linuxptp: CVE-2021-3570)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 07 Jul 2021 07:21:03 +0000
Message-id: <[🔎] handler.990748.D990748.162564230821273.ackdone@bugs.debian.org>
Reply-to: 990748@bugs.debian.org
References: <E1m11pB-000BKj-Ez@fasolo.debian.org> <[🔎] 162555488366.2391.743226786352981400.reportbug@eldamar.lan>

Your message dated Wed, 07 Jul 2021 07:18:25 +0000
with message-id <E1m11pB-000BKj-Ez@fasolo.debian.org>
and subject line Bug#990748: fixed in linuxptp 3.1-2.1
has caused the Debian Bug report #990748,
regarding linuxptp: CVE-2021-3570
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990748
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: linuxptp: CVE-2021-3570
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 06 Jul 2021 09:01:23 +0200
Message-id: <[🔎] 162555488366.2391.743226786352981400.reportbug@eldamar.lan>

Source: linuxptp
Version: 3.1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1.9.2-1

Hi,

The following vulnerability was published for linuxptp.

CVE-2021-3570[0]:
| linuxptp: missing length check of forwarded messages

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3570
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3570

Please adjust the affected versions in the BTS as needed.

Note, I did set the severity here straight to RC as I think the fix
should go in bullseye. I can try to help with a NMU if needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 990748-close@bugs.debian.org
Subject: Bug#990748: fixed in linuxptp 3.1-2.1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 07 Jul 2021 07:18:25 +0000
Message-id: <E1m11pB-000BKj-Ez@fasolo.debian.org>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>

Source: linuxptp
Source-Version: 3.1-2.1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linuxptp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990748@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linuxptp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Jul 2021 20:16:00 +0200
Source: linuxptp
Architecture: source
Version: 3.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 990748 990749
Changes:
 linuxptp (3.1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Validate the messageLength field of incoming messages (CVE-2021-3570)
     (Closes: #990748)
   * tc: Fix length of follow-up message of one-step sync (CVE-2021-3571)
     (Closes: #990749)
Checksums-Sha1: 
 d5d1de11982e69f4401dabdbc26145f74caa2349 2178 linuxptp_3.1-2.1.dsc
 fdb1be98a8bcbcc931c222594721d122fa90e4d2 6148 linuxptp_3.1-2.1.debian.tar.xz
Checksums-Sha256: 
 ae7846d06e265131f59473bac721fd832ddf31bf0b40db44f1fdc6114300a2ab 2178 linuxptp_3.1-2.1.dsc
 bff0d4814ec71affc14061325fcec4724e596855193f9fbff0778cfd09538114 6148 linuxptp_3.1-2.1.debian.tar.xz
Files: 
 218bd5e194fa70271ddb376a14f94df4 2178 utils optional linuxptp_3.1-2.1.dsc
 522094d2822da3a1f9bb13b6d38b21a2 6148 utils optional linuxptp_3.1-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmDlUztfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EuJAP/2qDJ1pAVXC1HMgUDhwBLJrkkdOMjRZW
AMg0Ft0m3Cni9o37E6dMn2Sf07rHwudxvq/CU1XZJbgMVcgeKXd09VWIziyA0Egs
/6KN9e7AkMkhzHKyyf7i1L9XH21w/9C/mKy1YhQfHN+lPouKdk1V0Xn5b2LMiraD
bUE637tBN24ryqpKCx9BcR7rUP3wfWgi+FOd+OsX7ZgHqcBATxM7NaCgy38kEbmM
uSbwCIfYx7x57KvjFkwEneEHevM+cpnbLVCAn3RRGcxfRtFlSp4fQ9rDhofPQVzM
exVU8QMAYtMBiLO/rL61NGLuaPFFrnPCAPrQPrLstH+CCXUuj++YfVANQw1uTht6
Js6KJhLIW1wroNy6OFdQUnrgIEz6eiI4c1FWJ/PPEJ/8qpCCb7YBChlipXeXGLgy
PoeZ8AJYRZ+X0Z9UKqPJsKodqERkH1jYyCQMBjt7Lu2xadMauOEXOVMROTMxtNBr
gOyUciVsYxjCj9ycWRdZBQcytVR+QaTauTApxh8pml3IgppPdcu1x9Twg4yYiYYv
6MZFVNMnmf3p789HWWjF2OAtjgx034gboy9ieJSJT2M6Mx36f1Q/hWcy4uMUSd48
wRqajZOy8ub/UMfy6G/xkig3ve0JncXPtcMjjrPnzT5ogdJ7h8gIvDAgqE7i8kET
M2zkQ//EO1Wc
=bbTi
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#990748: linuxptp: CVE-2021-3570
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#990749: linuxptp: diff for NMU version 3.1-2.1
Next by Date: Bug#990749: marked as done (linuxptp: CVE-2021-3571)
Previous by thread: Bug#990748: Proposed patch/debdiff
Next by thread: Bug#990748: marked as done (linuxptp: CVE-2021-3570)
Index(es):
- Date
- Thread