[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1119940: marked as done (trixie-pu: package suricata/1:7.0.10-1)

Your message dated Sat, 15 Nov 2025 11:21:45 +0000
with message-id <736c7150dc08501cc89945035c406eaf9688e144.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 13.2
has caused the Debian Bug report #1116945,
regarding trixie-pu: package suricata/1:7.0.10-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1116945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116945
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: suricata@packages.debian.org, satta@debian.org, dev@andreas-dolp.de
Control: affects -1 + src:suricata
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release managers,

I'd like to hand in another security patch for suricata 7.0.10
in Debian trixie. In accordance with the security team, the
CVE will not warrant a DSA and should be included in the next
point release.

We'd like to release this patch together with #1116945 as
suricata 1:7.0.10-1+deb13u1 for suite 'trixie' in 13.2.

[ Reason ]
Security fix for CVE-2025-59147 [1]
Upstream ticket: [2]

[ Impact ]
Crafted traffic sending multiple SYN packets with different
sequence numbers within the same flow tuple can cause Suricata
to not pickup the TCP session.
In IDS mode this can lead to a detection and logging bypass.
In IPS mode this will lead to the flow getting blocked. [4]

[ Tests ]
In the original upstream ticket [3] there are pcaps and rules
attached. Testing against the vulnerable and the fixed version
seems to fix the vulnerability as expected. Unit-tests in
autopkgtest run successfully for the patched version.

[ Risks ]
Program crashes if fix would contain errors, but not patching
the vulnerabilities can lead to bypassing detection and that
would miss the point of an IDS/IPS.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Applied patch containing upstream commit e91b03c9, but slightly
modified to fit for Suricata 7.0.10. [5]

[ Other info ]
[1] https://security-tracker.debian.org/tracker/CVE-2025-59147
[2] https://redmine.openinfosecfoundation.org/issues/7852
[3] https://redmine.openinfosecfoundation.org/issues/7657
[4] https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
[5] https://github.com/OISF/suricata/commit/e91b03c9.patch

Attachment: 0001-Fix-CVE-2025-59147-in-7.0.10-for-trixie.patch
Description: application/mbox

File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-8989-] {+8925+}
Version: [-1:7.0.10-1-] {+1:7.0.10-1+deb13u1+}

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 13.2

Hi,

The updates referenced in each of these bugs were included in today's
13.2 trixie point release.

Regards,

Adam

--- End Message ---
Reply to: