Debian Bug report logs -
#857035
ettercap: CVE-2017-6430: Out-of-bounds read in etterfilter utility
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#857035; Package src:ettercap.
(Tue, 07 Mar 2017 12:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Barak A. Pearlmutter <bap@debian.org>.
(Tue, 07 Mar 2017 12:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: ettercap
Version: 1:0.8.1-3
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/Ettercap/ettercap/issues/782
Hi,
the following vulnerability was published for ettercap.
CVE-2017-6430[0]:
Out-of-bounds read in etterfilter utility
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6430
[1] https://github.com/Ettercap/ettercap/issues/782
Regards,
Salvatore
Reply sent
to Gianfranco Costamagna <locutusofborg@debian.org>:
You have taken responsibility.
(Tue, 07 Mar 2017 21:09:09 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 07 Mar 2017 21:09:09 GMT) (full text, mbox, link).
Message #10 received at 857035-close@bugs.debian.org (full text, mbox, reply):
Source: ettercap
Source-Version: 1:0.8.2-4
We believe that the bug you reported is fixed in the latest version of
ettercap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 857035@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <locutusofborg@debian.org> (supplier of updated ettercap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Mar 2017 20:27:49 +0100
Source: ettercap
Binary: ettercap-common ettercap-text-only ettercap-graphical ettercap-dbg
Architecture: source
Version: 1:0.8.2-4
Distribution: unstable
Urgency: high
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Gianfranco Costamagna <locutusofborg@debian.org>
Description:
ettercap-common - Multipurpose sniffer/interceptor/logger for switched LAN
ettercap-dbg - Debug symbols for Ettercap
ettercap-graphical - Ettercap GUI-enabled executable
ettercap-text-only - Ettercap console-mode executable
Closes: 790405 857035
Changes:
ettercap (1:0.8.2-4) unstable; urgency=high
.
* debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
- upstream fix fox CVE-2017-6430 (Closes: #857035)
* Remove mips64el luajit-5.1-dev to allow build here (Closes: #790405)
(and reorder, as well as removing sparc)
* Add luajit-5.1-dev to hurd
Checksums-Sha1:
8ff87518e2c8c6998184ddbeae26f98dec50c096 2402 ettercap_0.8.2-4.dsc
319d89733d03f268c99796248954218e561b1dc4 14472 ettercap_0.8.2-4.debian.tar.xz
Checksums-Sha256:
6d727ae1f816a6fd73e96f46840970d00130528d84d8953f22e47c127ac87dcd 2402 ettercap_0.8.2-4.dsc
6b77da87ced601e2a1f71ca03411e6f3366ebf27d2e63a1bb88d8a7dd5920c49 14472 ettercap_0.8.2-4.debian.tar.xz
Files:
132ef2b8e23d369eed034af981599786 2402 net optional ettercap_0.8.2-4.dsc
b18b59b661a4c7ec98436d4935b8d8a2 14472 net optional ettercap_0.8.2-4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJYvxfjAAoJEPNPCXROn13ZpzEP/1uhdy2s/D/VjsYjWK5yz9fI
2y2O33D+UIIAA+OE9E85+sSdiRQ2RkcQDhh4jtF+I60UdXOy3jG4KJt/gD4BNtCa
4F+s+VlYj95tCo5VGDZlJ1z+TwhWvofyXKq1xW5E786bqOBRTjtO9gzbOCcP6pQn
a9RDCuEzd4NlXLsnV7a+rhsn+LFzSA9NOvn0oTbP/uEPsQcrndBCJ5T+0JB450BT
FoQmRdnn8qEDrEG2c1JG0TOk1NdR9zLcGywEH4P5fNxT18R8zkl1QCHwhR5SIvh7
N5NIC1aPI1tm92Eg/IP8a6ddf/68O+qjnv0nfJy63chBN8BjnxapZ577eT6/TbV0
tVnUFHJDmLfP7ruHtVAQ7opOYaYALG6YCMt+0pHcq1AHlfHrKOmLlQw7YKY5VwlA
okhUjKjJJHLQm9QyPoGKSQ/n/RjbKQT0YIlvoiv2FF4fRtPXJPNVasUJIo3yvPR0
8QQl5+SYYSRFiwJWXoki92i5cXrO+m8saN++swLHnS/t1FK5YAIuvvmyE+DRyIsG
Y4/qx83reTxSSCG3JUpZSU+lLamzUR3oPUQx8eSo2xMSocKqOwV1/pEEUPwYwGCY
FwmCl3nWnuqZTTeKOHJIehZc+jRJZuiHzRNYc+B5lqJxuPRoW9cv+e4BJrLdyI7w
hq1FseFtiiJJVivaYtaM
=6Y4R
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 07 Apr 2017 07:26:44 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:13:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon