Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ntopng: CVE-2017-5473

Related Vulnerabilities: CVE-2017-5473  

Source

Debian Bug report logs - #852109
ntopng: CVE-2017-5473

version graph

Package: ntopng; Maintainer for ntopng is Ludovico Cavedon <cavedon@debian.org>; Source for ntopng is src:ntopng (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Sat, 21 Jan 2017 18:15:02 UTC

Severity: grave

Tags: security, upstream

Found in version ntopng/2.4+dfsg1-1

Fixed in version ntopng/2.4+dfsg1-3

Done: Ludovico Cavedon <cavedon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ludovico Cavedon <cavedon@debian.org>:
Bug#852109; Package ntopng. (Sat, 21 Jan 2017 18:15:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ludovico Cavedon <cavedon@debian.org>. (Sat, 21 Jan 2017 18:15:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ntopng: CVE-2017-5473
Date: Sat, 21 Jan 2017 19:13:31 +0100
Package: ntopng
Severity: grave
Tags: security
Justification: user security hole

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5473

Cheers,
        Moritz

Marked as found in versions ntopng/2.4+dfsg1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 21 Jan 2017 19:09:06 GMT) (full text, mbox, link).

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 21 Jan 2017 19:09:06 GMT) (full text, mbox, link).

Reply sent to Ludovico Cavedon <cavedon@debian.org>:
You have taken responsibility. (Sat, 04 Feb 2017 04:21:05 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sat, 04 Feb 2017 04:21:05 GMT) (full text, mbox, link).

Message #14 received at 852109-close@bugs.debian.org (full text, mbox, reply):

From: Ludovico Cavedon <cavedon@debian.org>
To: 852109-close@bugs.debian.org
Subject: Bug#852109: fixed in ntopng 2.4+dfsg1-3
Date: Sat, 04 Feb 2017 04:18:32 +0000
Source: ntopng
Source-Version: 2.4+dfsg1-3

We believe that the bug you reported is fixed in the latest version of
ntopng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852109@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovico Cavedon <cavedon@debian.org> (supplier of updated ntopng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Feb 2017 19:43:00 -0800
Source: ntopng
Binary: ntopng ntopng-data
Architecture: source all amd64
Version: 2.4+dfsg1-3
Distribution: unstable
Urgency: high
Maintainer: Ludovico Cavedon <cavedon@debian.org>
Changed-By: Ludovico Cavedon <cavedon@debian.org>
Description:
 ntopng     - High-Speed Web-based Traffic Analysis and Flow Collection Tool
 ntopng-data - High-Speed Web-based Traffic Analysis and Flow Collection Tool (d
Closes: 852109
Changes:
 ntopng (2.4+dfsg1-3) unstable; urgency=high
 .
   * Import upstream patches fixing CVE-2017-5473. (Closes: #852109)
Checksums-Sha1:
 4e6654c8d1b71c3aecd9172c46adcb6b549d62ef 2208 ntopng_2.4+dfsg1-3.dsc
 66cae040f4d136515cf4ce2f36085ca511165e40 26488 ntopng_2.4+dfsg1-3.debian.tar.xz
 5febda8f6ba3150a95196e364ce91c5ef0f527c3 1273792 ntopng-data_2.4+dfsg1-3_all.deb
 5472d789263c91343a871c238e85f8b9025ec70c 2118192 ntopng-dbgsym_2.4+dfsg1-3_amd64.deb
 462b08c6829d43fd317dfce2726b10208cdcf721 7808 ntopng_2.4+dfsg1-3_amd64.buildinfo
 cc9f2a83b9c9baecaca128cdfe256a089fbdd700 242372 ntopng_2.4+dfsg1-3_amd64.deb
Checksums-Sha256:
 d70cf4b226701a6d02d861873b37ff843f6f5c1e2143f29588d57f563f4278e9 2208 ntopng_2.4+dfsg1-3.dsc
 e956358e1187e138ab2c0255a208cb5570eaea14017cc7bb1c9fe8db68764f74 26488 ntopng_2.4+dfsg1-3.debian.tar.xz
 3e40b26051a288641da10e71a10cb135d656c3e3f427457aa817e407a3c070ee 1273792 ntopng-data_2.4+dfsg1-3_all.deb
 37f147e46aa611b2607ac67e3510d320c070737f6bf0de4f3300cad645b926f1 2118192 ntopng-dbgsym_2.4+dfsg1-3_amd64.deb
 db618b2e3ce083857804c6db7cf098d1c4b95412b59d824e006362d5d0399264 7808 ntopng_2.4+dfsg1-3_amd64.buildinfo
 d5ebc62714a7e85276e528b9b45e71f443ce0b14467af282dd967c37740692ca 242372 ntopng_2.4+dfsg1-3_amd64.deb
Files:
 043e810bf2777823a61deeb0acb7820d 2208 net extra ntopng_2.4+dfsg1-3.dsc
 8abd10150f7835d4c16405ed92a5a155 26488 net extra ntopng_2.4+dfsg1-3.debian.tar.xz
 06ec3f745992ee174a3e61c22ba2738a 1273792 net extra ntopng-data_2.4+dfsg1-3_all.deb
 ab9ce203415d82b390b8cdcb86b87d81 2118192 debug extra ntopng-dbgsym_2.4+dfsg1-3_amd64.deb
 82efccec762681df3e60365da9fe9309 7808 net extra ntopng_2.4+dfsg1-3_amd64.buildinfo
 993d3a81c64f4149a227d0d7dae5aa01 242372 net extra ntopng_2.4+dfsg1-3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExi9RJLiVCtv386tME8C1Zno4sLAFAliVUHMACgkQE8C1Zno4
sLCang/+NQScsGBD25JU9Q+0gXiWU1ev3u0/HlmXecdv/fFrYfyp7agda7Pqi+Ga
BLVRIHXMsgDnf4m8raWeg4FpCPgtE7xJ0xAoZJqAKnp1xYZeUReQSUjJUAQWHlU0
15n/blEDUOjxucrELM4OieDWqM9V9Gq589yR3ngku7kNj90hE1Ztxxxm+tjkOxiP
Ku4XGE3lwajrU8K7jPuL8p7FAipOuA9NZucX222edx4RyRi3vhRnR8S8Zzgo8U5d
NQExfX76sGYijknFbjiRVK8A9B1DI3yDoUtyQ2bmL1uMOYRMQKu4Te2/U4upmCGQ
sfPuEmFR/wLDDZwGqEuxuoSP/dDlHm+JUlVSrk8bIf2Nbnv+q3LfQdgXq8KORhLo
PyMvmIeV0bephi6EQSTuSepBX3BPwPOa8Wk3SddQC+IWveIYT5T7QdN/i2D4lpTF
PR6LxElGeNH5q9G/o9cgyH+9rHmBcoxAKMiFkxB8RyucObZtMzvarKXT+COqUcpf
DN/7TEBOMlmmsXkystE1A6W902eOzG6KBCD+kuG98NE4ZukwEK6imx8qTwu6QXV8
MIxbu7ChQdRFbGjd9ryq0Dfn34cV1ZpcoegRKkfrOC451uQG8Tke/Q3SKCUPotNE
doqPfQ0Z2UC1bwXw/WAqv9Qiwhp8bxexG4FWBPVXjthTqlLduaA=
=dDic
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 06 Mar 2017 07:25:13 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:46:04 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started