miniupnpd: CVE-2017-1000494

Related Vulnerabilities: CVE-2017-1000494  

Debian Bug report logs - #887129
miniupnpd: CVE-2017-1000494

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 14 Jan 2018 09:27:04 UTC

Severity: important

Tags: security, upstream

Found in version miniupnpd/1.8.20140523-4

Fixed in versions miniupnpd/2.0.20171212-1, miniupnpd/1.8.20140523-4.1+deb9u1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/miniupnp/miniupnp/issues/268


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Thomas Goirand <zigo@debian.org>:
Bug#887129; Package src:miniupnpd. (Sun, 14 Jan 2018 09:27:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Thomas Goirand <zigo@debian.org>. (Sun, 14 Jan 2018 09:27:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: miniupnpd: CVE-2017-1000494
Date: Sun, 14 Jan 2018 10:22:37 +0100
Source: miniupnpd
Version: 1.8.20140523-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/miniupnp/miniupnp/issues/268

Hi,

the following vulnerability was published for miniupnpd.

CVE-2017-1000494[0]:
| Uninitialized stack variable vulnerability in NameValueParserEndElt
| (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause
| Denial of Service (Segmentation fault and Memory Corruption) or
| possibly have unspecified other impact

To demonstrate the issue one can compile miniupnpd, removing
hardening and adding noopt at least and triggering the segfault by the
reproducers provided in the upstream issue.

Adapting the upstream commits [2], [3] to the older version seems to
address the issue, please double check again.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000494
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494
[1] https://github.com/miniupnp/miniupnp/issues/268
[2] https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
[3] https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c 

Regards,
Salvatore



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 01 Feb 2018 17:10:15 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 01 Feb 2018 17:10:15 GMT)


Message #10 received at 887129-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 887129-close@bugs.debian.org
Subject: Bug#887129: fixed in miniupnpd 2.0.20171212-1
Date: Thu, 01 Feb 2018 17:05:23 +0000
Source: miniupnpd
Source-Version: 2.0.20171212-1

We believe that the bug you reported is fixed in the latest version of
miniupnpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887129@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated miniupnpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 01 Feb 2018 16:39:16 +0000
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 2.0.20171212-1
Distribution: unstable
Urgency: medium
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 miniupnpd  - UPnP and NAT-PMP daemon for gateway routers
Closes: 771918 850411 877564 885825 885960 887129
Changes:
 miniupnpd (2.0.20171212-1) unstable; urgency=medium
 .
   [ Yangfl ]
   * New upstream release (Closes: #850411).
     - Fix V6SOCKETS_ARE_V6ONLY on Linux (Closes: #771918)
     - Default reverted to UDA 1.1 (Closes: #885960)
     - Fix CVE-2017-1000494 (Closes: #887129)
   * Enable manufacturer info configuration (Closes: #877564).
   * Allow IPv4 listening specify (Closes: #885825).
   * Bumped Standards-Version.
 .
   [ Thomas Goirand ]
   * Fixed VCS URLs to point to Salsa.
   * Ran wrap-and-sort -bast.
   * Fixed debian/gbp.conf.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#887129; Package src:miniupnpd. (Wed, 07 Feb 2018 11:30:03 GMT)


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. (Wed, 07 Feb 2018 11:30:03 GMT)


Message #15 received at 887129@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: security@debian.org, 887129@bugs.debian.org
Subject: Fix for CVE-2017-1000494 in miniupnpd
Date: Wed, 7 Feb 2018 12:26:58 +0100
Dear security team,

I have built an update of miniupnpd for Stretch. However, it's unclear
to me if this should go through stretch-pu, or through stretch-security.
Please let me know.

In case you would like to get it through stretch-security, here's a
debdiff attached.

Note that Sid/Buster was updated through a newer upstream release
upload. I'm also working on getting miniupnpc and libnatpmp updated
however this will need transition management from the release team.

Cheers,

Thomas Goirand (zigo)
[miniupnpd_1.8.20140523-4.1+deb9u1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Thomas Goirand <zigo@debian.org>:
Bug#887129; Package src:miniupnpd. (Wed, 07 Feb 2018 11:39:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Thomas Goirand <zigo@debian.org>. (Wed, 07 Feb 2018 11:39:07 GMT)


Message #20 received at 887129@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Thomas Goirand <zigo@debian.org>, 887129@bugs.debian.org
Cc: security@debian.org
Subject: Re: Bug#887129: Fix for CVE-2017-1000494 in miniupnpd
Date: Wed, 7 Feb 2018 12:36:11 +0100
Hi

On Wed, Feb 07, 2018 at 12:26:58PM +0100, Thomas Goirand wrote:
> Dear security team,
> 
> I have built an update of miniupnpd for Stretch. However, it's unclear
> to me if this should go through stretch-pu, or through stretch-security.
> Please let me know.
> 
> In case you would like to get it through stretch-security, here's a
> debdiff attached.

Cf. https://security-tracker.debian.org/CVE-2017-1000494 

We marked the issue as no-dsa, so no DSA via security.d.o is planned.
Can you schedule fixes via upcoming point releases and contact the
stable release managers?

Regards,
Salvatore



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Fri, 30 Mar 2018 19:51:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 30 Mar 2018 19:51:08 GMT)


Message #25 received at 887129-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 887129-close@bugs.debian.org
Subject: Bug#887129: fixed in miniupnpd 1.8.20140523-4.1+deb9u1
Date: Fri, 30 Mar 2018 19:49:17 +0000
Source: miniupnpd
Source-Version: 1.8.20140523-4.1+deb9u1

We believe that the bug you reported is fixed in the latest version of
miniupnpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887129@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated miniupnpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 07 Feb 2018 12:18:50 +0100
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 1.8.20140523-4.1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 miniupnpd  - UPnP and NAT-PMP daemon for gateway routers
Closes: 887129
Changes:
 miniupnpd (1.8.20140523-4.1+deb9u1) stretch; urgency=medium
 .
   * Apply patch from upstream for CVE-2017-1000494 (Closes: #887129).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 22 Sep 2018 07:26:23 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:02:18 2019; Machine Name: buxtehude
