libndp: CVE-2014-3554: buffer overflow

Related Vulnerabilities: CVE-2014-3554  

Debian Bug report logs - #756389

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 29 Jul 2014 12:27:01 UTC

Severity: grave

Tags: patch, security, upstream

Found in version libndp/1.3-1

Fixed in version libndp/1.4-1

Done: Andrew Ayer <agwa@andrewayer.name>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Andrew Ayer <agwa@andrewayer.name>:
Bug#756389; Package src:libndp. (Tue, 29 Jul 2014 12:27:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Andrew Ayer <agwa@andrewayer.name>. (Tue, 29 Jul 2014 12:27:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libndp: CVE-2014-3554: buffer overflow
Date: Tue, 29 Jul 2014 14:25:48 +0200
Source: libndp
Version: 1.3-1
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for libndp.

CVE-2014-3554[0]:
buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3554
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1118583

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#756389; Package src:libndp. (Tue, 29 Jul 2014 17:30:04 GMT)


Acknowledgement sent to Andrew Ayer <agwa@andrewayer.name>:
Extra info received and forwarded to list. (Tue, 29 Jul 2014 17:30:04 GMT)


Message #10 received at 756389@bugs.debian.org:

From: Andrew Ayer <agwa@andrewayer.name>
To: Salvatore Bonaccorso <carnil@debian.org>, 756389@bugs.debian.org
Subject: Re: Bug#756389: libndp: CVE-2014-3554: buffer overflow
Date: Tue, 29 Jul 2014 10:27:37 -0700

Hi,

An updated package has been prepared.  Just waiting for my sponsor to
upload.

Regards,
Andrew



Reply sent to Andrew Ayer <agwa@andrewayer.name>:
You have taken responsibility. (Wed, 30 Jul 2014 01:06:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 30 Jul 2014 01:06:09 GMT)


Message #15 received at 756389-close@bugs.debian.org:

From: Andrew Ayer <agwa@andrewayer.name>
To: 756389-close@bugs.debian.org
Subject: Bug#756389: fixed in libndp 1.4-1
Date: Wed, 30 Jul 2014 01:03:34 +0000
Source: libndp
Source-Version: 1.4-1

We believe that the bug you reported is fixed in the latest version of
libndp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 756389@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Ayer <agwa@andrewayer.name> (supplier of updated libndp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 29 Jul 2014 06:34:39 -0700
Source: libndp
Binary: libndp-dbg libndp-dev libndp-tools libndp0
Architecture: source amd64
Version: 1.4-1
Distribution: unstable
Urgency: high
Maintainer: Andrew Ayer <agwa@andrewayer.name>
Changed-By: Andrew Ayer <agwa@andrewayer.name>
Description:
 libndp-dbg - Library for Neighbor Discovery Protocol (debug symbols)
 libndp-dev - Library for Neighbor Discovery Protocol (development files)
 libndp-tools - Library for Neighbor Discovery Protocol (tools)
 libndp0    - Library for Neighbor Discovery Protocol
Closes: 754917 756389
Changes:
 libndp (1.4-1) unstable; urgency=high
 .
   * Fix grammatical/syntactic errors in extended description.
     Thanks to Filipus Klutiero (Closes: #754917)
   * Set single-debian-patch and add a patch header.
   * New upstream release.  Fixes CVE-2014-3554. (Closes: #756389)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 29 Aug 2014 07:33:11 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:25:56 2019; Machine Name: buxtehude
