
Bug#990748: marked as done (linuxptp: CVE-2021-3570)



Your message dated Wed, 14 Jul 2021 07:32:07 +0000
with message-id <E1m3ZNH-000BxE-Pc@fasolo.debian.org>
and subject line Bug#990748: fixed in linuxptp 1.9.2-1+deb10u1
has caused the Debian Bug report #990748,
regarding linuxptp: CVE-2021-3570
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990748
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: linuxptp
Version: 3.1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1.9.2-1

Hi,

The following vulnerability was published for linuxptp.

CVE-2021-3570[0]:
| linuxptp: missing length check of forwarded messages

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3570
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3570

Please adjust the affected versions in the BTS as needed.

Note, I did set the severity here straight to RC as I think the fix
should go in bullseye. I can try to help with a NMU if needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: linuxptp
Source-Version: 1.9.2-1+deb10u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linuxptp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990748@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linuxptp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Jul 2021 14:15:56 +0200
Source: linuxptp
Architecture: source
Version: 1.9.2-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 990748
Changes:
 linuxptp (1.9.2-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Validate the messageLength field of incoming messages (CVE-2021-3570)
     (Closes: #990748)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
