iwd: CVE-2024-28084

Related Vulnerabilities: CVE-2024-28084  

Debian Bug report logs - #1065443

Package: src:iwd; Maintainer for src:iwd is Jonas Smedegaard <dr@jones.dk>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 4 Mar 2024 20:30:02 UTC

Severity: important

Tags: security, upstream

Found in version iwd/2.15-1

Fixed in version iwd/2.16-1

Done: Jonas Smedegaard <dr@jones.dk>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#1065443; Package src:iwd. (Mon, 04 Mar 2024 20:30:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Jonas Smedegaard <dr@jones.dk>. (Mon, 04 Mar 2024 20:30:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: iwd: CVE-2024-28084
Date: Mon, 04 Mar 2024 21:28:22 +0100
Source: iwd
Version: 2.15-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for iwd.

CVE-2024-28084[0]:
| p2putil.c in iNet wireless daemon (IWD) through 2.15 allows
| attackers to cause a denial of service (daemon crash) or possibly
| have unspecified other impact because of initialization issues in
| situations where parsing of advertised service information fails.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28084
    https://www.cve.org/CVERecord?id=CVE-2024-28084

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Jonas Smedegaard <dr@jones.dk>:
You have taken responsibility. (Tue, 05 Mar 2024 05:54:02 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 05 Mar 2024 05:54:03 GMT)


Message #10 received at 1065443-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1065443-close@bugs.debian.org
Subject: Bug#1065443: fixed in iwd 2.16-1
Date: Tue, 05 Mar 2024 05:49:34 +0000
Source: iwd
Source-Version: 2.16-1
Done: Jonas Smedegaard <dr@jones.dk>

We believe that the bug you reported is fixed in the latest version of
iwd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1065443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated iwd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 05 Mar 2024 06:28:42 +0100
Source: iwd
Architecture: source
Version: 2.16-1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Closes: 1065443
Changes:
 iwd (2.16-1) unstable; urgency=high
 .
   [ upstream ]
   * new release;
     fixes CVE-2024-28084;
     closes: bug#1065443, thanks to Salvatore Bonaccorso
 .
   [ Jonas Smedegaard ]
   * set urgency=high due to security bugfix


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Mar 5 07:44:05 2024; Machine Name: buxtehude
