Debian Bug report logs - #867718
CVE-2017-11108


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 8 Jul 2017 21:27:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in versions tcpdump/4.9.0-1~deb8u1, tcpdump/4.9.0-1

Fixed in versions tcpdump/4.9.1-1, tcpdump/4.9.2-1~deb9u1, tcpdump/4.9.2-1~deb8u1

Done: Romain Francoise <rfrancoise@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/the-tcpdump-group/tcpdump/issues/616



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Sat, 08 Jul 2017 21:27:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Romain Francoise <rfrancoise@debian.org>. (Sat, 08 Jul 2017 21:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-11108
Date: Sat, 08 Jul 2017 23:23:46 +0200
Package: tcpdump
Severity: important
Tags: security

This was assigned CVE-2017-11108:
https://bugzilla.redhat.com/show_bug.cgi?id=1468504

Cheers,
        Moritz



Marked as found in versions tcpdump/4.9.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 08 Jul 2017 21:36:02 GMT)


Marked as found in versions tcpdump/4.9.0-1~deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 08 Jul 2017 21:36:03 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 08 Jul 2017 21:36:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Wed, 19 Jul 2017 22:24:02 GMT)


Acknowledgement sent to Antoine Beaupre <anarcat@orangeseeds.org>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Wed, 19 Jul 2017 22:24:02 GMT)


Message #16 received at 867718@bugs.debian.org:

From: Antoine Beaupre <anarcat@orangeseeds.org>
To: Moritz Muehlenhoff <jmm@debian.org>
Cc: 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Wed, 19 Jul 2017 18:21:47 -0400
For what it's worth, I can reproduce this in stretch by rebuilding with
ASAN (-lasan -fsanitize=address -fno-omit-frame-pointer).

I can also reproduce this in wheezy by running it in valgrind:

$ valgrind /usr/sbin/tcpdump -ntr poc
==26648== Memcheck, a memory error detector
==26648== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26648== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26648== Command: /usr/sbin/tcpdump -ntr poc
==26648== 
reading from file poc, link-type EN10MB (Ethernet)
IP 192.168.1.94.61358 > 239.255.255.250.1900: UDP, length 133
ARP, Reply 192.168.1.1 is-at 00:e0:20:1c:27:77, length 46
==26648== Invalid read of size 2
==26648==    at 0x1AA1F7: ??? (in /usr/sbin/tcpdump)
==26648==    by 0x17C810: ??? (in /usr/sbin/tcpdump)
==26648==    by 0x15E4F2: ??? (in /usr/sbin/tcpdump)
==26648==    by 0x13FCBD: ??? (in /usr/sbin/tcpdump)
==26648==    by 0x13C33E: ??? (in /usr/sbin/tcpdump)
==26648==    by 0x404446F: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.3.0)
==26648==    by 0x4035ECE: pcap_loop (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.3.0)
==26648==    by 0x13AE68: main (in /usr/sbin/tcpdump)
==26648==  Address 0x59d168f is 3 bytes after a block of size 60 alloc'd
==26648==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26648==    by 0x4044F1B: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.3.0)
==26648==    by 0x4044722: pcap_fopen_offline (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.3.0)
==26648==    by 0x40448EF: pcap_open_offline (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.3.0)
==26648==    by 0x13AB4B: main (in /usr/sbin/tcpdump)
==26648== 
STP 802.1aq, Rapid STP, CIST Flags [Learn, Forward, Agreement], length 175[|stp 175]
IP 192.168.1.131.5353 > 224.0.0.251.5353: 0 [2q] [2n][|domain]
IP 192.168.1.209.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0[|domain]

Also: there's something fishy with that POC file. I can extract the rar
file in a stretch virtualbox instance, but not out of the box, nor under
wheezy. Something odd there.

I'm trying to figure out exactly how to fix this, at this stage. It
doesn't look like upstream responded just yet, but I can already say the
following.

 1. tcpdump does try to dereference a pointer with an address value that
    is user-controlled (mstp_len) in print-stp.c:478

 2. even when tcpdump doesn't crash, it fails to render the packet
    properly. With -vvv, I get this:

    STP 802.1aq, Rapid STP, CIST Flags [Learn, Forward, Agreement], length 175
	    port-role Designated, CIST root-id 8000.20:bb:c0:7b:d1:2e, CIST ext-pathcost 0
	    CIST regional-root-id 8000.20:bb:c0:7b:d1:2e, CIST port-id 8002,
	    message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
	    v3len 8, [|stp 175]

    notice the trailing comma there: after the `v3len` field, there
    would normally be other things there, but some overflow detection
    kicks in inside stp_print_mstp_bpdu(), which, in turn, calls the magic
    ND_TCHECK macro which detects the overflow and bails out properly

 3. therefore, -vvv doesn't trigger the bug

 4. conclusion: it may be simply a matter of calling the proper
    ND_TCHECK macro before dereferencing the pointer.

Therefore, the following debdiff should fix this.

A.
[tcpdump_4.9.0-1~deb7u2.debdiff (text/plain, attachment)]
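As an added illustration of points 1 to 4 above, the C model below is example code written for this page; it is not tcpdump's print-stp.c, the attached debdiff, or upstream's fix. It shows the bug shape the message describes: a 16-bit length read from the packet (v3len) is added to a fixed offset, and the next 2-byte field is read at the resulting position without first proving that those bytes were captured. The frame layout, the V3LEN_OFFSET value, the 60-byte capture size, and every helper name (nd_ctx, nd_tcheck, ND_TCHECK_OFF, run_scenario) are assumptions made for the model; only the ND_TCHECK-style discipline of "verify the span, then dereference" is the point being carried over.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capture context: where the captured bytes end (a model of tcpdump's snapend). */
struct nd_ctx {
    const uint8_t *snapend;   /* one past the last captured byte */
};

#define V3LEN_OFFSET 36u  /* ASSUMED position of the 2-byte v3len field */
#define CAP_LEN      60u  /* capture size; mirrors the 60-byte block in the valgrind report */

static uint16_t extract_16bits(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* True iff bytes [p+off, p+off+len) all lie inside the capture.  Works on
 * offsets so no pointer past snapend is ever formed; p is already inside. */
static bool nd_tcheck(const struct nd_ctx *ndo, const uint8_t *p, size_t off, size_t len)
{
    size_t avail = (size_t)(ndo->snapend - p);
    return off <= avail && len <= avail - off;
}

/* ND_TCHECK-style macro: verify the span or jump to the printer's trunc label. */
#define ND_TCHECK_OFF(p, off, len) \
    do { if (!nd_tcheck(ndo, (p), (off), (len))) goto trunc; } while (0)

/* The attacker-controlled position: fixed offset + the 2-byte length field
 * itself + whatever v3len claims.  It comes straight from the packet. */
static size_t spb_len_field_offset(const uint8_t *p)
{
    return V3LEN_OFFSET + 2u + extract_16bits(p + V3LEN_OFFSET);
}

enum parse_result { PARSE_OK = 0, PARSE_TRUNC = 1 };

/* Unchecked shape from the message: "read 2 bytes at p + offset".  Instead of
 * executing the out-of-bounds read (undefined behaviour), report how many of
 * those 2 bytes fall outside the capture (0, 1 or 2). */
static size_t spb_len_unchecked_overrun(const struct nd_ctx *ndo, const uint8_t *p)
{
    size_t avail = (size_t)(ndo->snapend - p);
    size_t end = spb_len_field_offset(p) + 2u;   /* one past the read */
    if (end <= avail) return 0;
    return end - avail > 2u ? 2u : end - avail;
}

/* Hardened shape: prove each span is captured before touching it. */
static enum parse_result spb_len_checked(const struct nd_ctx *ndo, const uint8_t *p, uint16_t *spb_len)
{
    size_t off;
    ND_TCHECK_OFF(p, V3LEN_OFFSET, 2);   /* the v3len field itself */
    off = spb_len_field_offset(p);
    ND_TCHECK_OFF(p, off, 2);            /* the field that v3len points at */
    *spb_len = extract_16bits(p + off);
    return PARSE_OK;
trunc:
    return PARSE_TRUNC;                  /* printer would emit "[|stp ...]" here */
}

/* Constructed scenario: a zeroed CAP_LEN-byte capture with v3len patched in
 * and, when it fits, an SPB length of 16 planted where v3len points. */
struct outcome { size_t off, overrun; enum parse_result res; uint16_t spb_len; };

static struct outcome run_scenario(uint16_t v3len)
{
    uint8_t cap[CAP_LEN];
    struct nd_ctx ctx = { cap + CAP_LEN };
    struct outcome o = { 0, 0, PARSE_TRUNC, 0 };
    size_t target = V3LEN_OFFSET + 2u + v3len;
    memset(cap, 0, sizeof cap);
    cap[V3LEN_OFFSET]     = (uint8_t)(v3len >> 8);
    cap[V3LEN_OFFSET + 1] = (uint8_t)(v3len & 0xff);
    if (target + 1 < CAP_LEN) {          /* benign layout: plant SPB length 16 */
        cap[target]     = 0x00;
        cap[target + 1] = 0x10;
    }
    o.off     = spb_len_field_offset(cap);
    o.overrun = spb_len_unchecked_overrun(&ctx, cap);
    o.res     = spb_len_checked(&ctx, cap, &o.spb_len);
    return o;
}

int main(void)
{
    /* 8 is the v3len from the -vvv output; 21 straddles the end by one byte;
     * 25 lands at offset 63, 3 bytes past the capture, as in the valgrind report. */
    static const uint16_t cases[] = { 8, 21, 25 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct outcome o = run_scenario(cases[i]);
        printf("v3len=%-3u read@%-3zu unchecked: %zu byte(s) out of bounds; checked: %s spb_len=%u\n",
               cases[i], o.off, o.overrun, o.res == PARSE_OK ? "ok" : "trunc", o.spb_len);
    }
    return 0;
}
```

The unchecked variant deliberately never performs the out-of-bounds read; it only reports where the read would land, which is the access valgrind and ASAN flag in the rebuilds described above. The checked variant verifies the v3len field itself and then the field v3len points at, and bails out to the trunc label on either failure, which is where a tcpdump printer prints its "[|stp N]" truncation marker instead of crashing. Note the one-byte straddle case: a check that only tested the start offset would miss it, which is why the check takes both the offset and the length of the access.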

Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Thu, 20 Jul 2017 14:30:02 GMT)


Acknowledgement sent to Antoine Beaupré <anarcat@orangeseeds.org>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Thu, 20 Jul 2017 14:30:03 GMT)


Message #21 received at 867718@bugs.debian.org:

From: Antoine Beaupré <anarcat@orangeseeds.org>
To: 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Thu, 20 Jul 2017 10:27:44 -0400
Control: forwarded -1 https://github.com/the-tcpdump-group/tcpdump/issues/616
Control: tags -1 +patch

Opened an issue upstream, as recommended by the RedHat security
folks. Also sent a pull request for the fix:

https://github.com/the-tcpdump-group/tcpdump/pull/617

I'll sit on this one until we get a review from upstream now.



Set Bug forwarded-to-address to 'https://github.com/the-tcpdump-group/tcpdump/issues/616'. Request was from Antoine Beaupré <anarcat@orangeseeds.org> to 867718-submit@bugs.debian.org. (Thu, 20 Jul 2017 14:30:03 GMT)


Added tag(s) patch. Request was from Antoine Beaupré <anarcat@orangeseeds.org> to 867718-submit@bugs.debian.org. (Thu, 20 Jul 2017 14:30:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#867718; Package tcpdump. (Thu, 20 Jul 2017 20:18:02 GMT)


Acknowledgement sent to Romain Francoise <rfrancoise@debian.org>:
Extra info received and forwarded to list. (Thu, 20 Jul 2017 20:18:02 GMT)


Message #30 received at 867718@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: Antoine Beaupré <anarcat@orangeseeds.org>
Cc: 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Thu, 20 Jul 2017 22:09:17 +0200
On Thu, Jul 20, 2017 at 10:27:44AM -0400, Antoine Beaupré wrote:
> Opened an issue upstream, as recommended by the RedHat security
> folks. Also sent a pull request for the fix:
>
> https://github.com/the-tcpdump-group/tcpdump/pull/617

It's likely that this was wasted effort--tcpdump is the token
application for afl testing and the upstream team gets lots of reports.
The fix probably already exists in the embargoed repository (which I
don't have access to). The next security release will include it along
with others (see the 4.9.0 changelog to get an idea).

> I'll sit on this one until we get a review from upstream now.

I'm also monitoring the situation, but thanks for your work.

-- 
Romain Francoise <rfrancoise@debian.org>
https://people.debian.org/~rfrancoise/



Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Sun, 23 Jul 2017 13:09:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Sun, 23 Jul 2017 13:09:07 GMT)


Message #35 received at 867718@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Sun, 23 Jul 2017 15:05:40 +0200
Control: tags -1 + fixed-upstream

This issue has been fixed upstream in 4.9.1, according to
http://www.tcpdump.org/tcpdump-changes.txt

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to 867718-submit@bugs.debian.org. (Sun, 23 Jul 2017 13:09:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#867718; Package tcpdump. (Wed, 26 Jul 2017 10:48:03 GMT)


Acknowledgement sent to Romain Francoise <rfrancoise@debian.org>:
Extra info received and forwarded to list. (Wed, 26 Jul 2017 10:48:03 GMT)


Message #42 received at 867718@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Wed, 26 Jul 2017 12:46:11 +0200
On Sun, Jul 23, 2017 at 03:05:40PM +0200, Salvatore Bonaccorso wrote:
> This issue has been fixed upstream in 4.9.1, according to
> http://www.tcpdump.org/tcpdump-changes.txt

Yes, thanks, I will upload to unstable shortly.

If this is still no-dsa, I will try to get it fixed in stable via s-p-u.

Thanks,
-- 
Romain Francoise <rfrancoise@debian.org>
https://people.debian.org/~rfrancoise/



Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Wed, 26 Jul 2017 11:21:03 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Wed, 26 Jul 2017 11:21:03 GMT)


Message #47 received at 867718@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Romain Francoise <rfrancoise@debian.org>
Cc: Salvatore Bonaccorso <carnil@debian.org>, Moritz Muehlenhoff <jmm@debian.org>, 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Wed, 26 Jul 2017 13:17:47 +0200
On Wed, Jul 26, 2017 at 12:46:11PM +0200, Romain Francoise wrote:
> On Sun, Jul 23, 2017 at 03:05:40PM +0200, Salvatore Bonaccorso wrote:
> > This issue has been fixed upstream in 4.9.1, according to
> > http://www.tcpdump.org/tcpdump-changes.txt
> 
> Yes, thanks, I will upload to unstable shortly.
> 
> If this is still no-dsa, I will try to get it fixed in stable via s-p-u.

That particular CVE ID is no-dsa by itself, but there's been
new issues reported (not yet in the BTS, also not sure whether upstream
has acted on those):

https://security-tracker.debian.org/tracker/CVE-2017-11541
https://security-tracker.debian.org/tracker/CVE-2017-11542
https://security-tracker.debian.org/tracker/CVE-2017-11543
https://security-tracker.debian.org/tracker/CVE-2017-11544
https://security-tracker.debian.org/tracker/CVE-2017-11545

Next point updates are quite some time afar, so let's wait a bit until
those new ones have been investigated further.

Cheers,
        Moritz 



Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Wed, 26 Jul 2017 12:30:04 GMT)


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Wed, 26 Jul 2017 12:30:04 GMT)


Message #52 received at 867718@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: Moritz Muehlenhoff <jmm@inutil.org>, 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Wed, 26 Jul 2017 15:27:05 +0300
On Wed, Jul 26, 2017 at 01:17:47PM +0200, Moritz Muehlenhoff wrote:
> That particular CVE ID is no-dsa by itself, but there's been
> new issues reported (not yet in the BTS, also not sure whether upstream
> has acted on those):
> 
> https://security-tracker.debian.org/tracker/CVE-2017-11541
> https://security-tracker.debian.org/tracker/CVE-2017-11542
> https://security-tracker.debian.org/tracker/CVE-2017-11543
> https://security-tracker.debian.org/tracker/CVE-2017-11544
> https://security-tracker.debian.org/tracker/CVE-2017-11545

This is also in upstream issue tracker:

  https://github.com/the-tcpdump-group/tcpdump/issues/619

These are only issues when using older versions of libpcap. This has been
verified by me and ack'd by the researcher. For example this setup was not
affected:

tcpdump version 4.10.0-PRE-GIT_2017_07_24
libpcap version 1.8.1
OpenSSL 1.0.1t  3 May 2016
Compiled with AddressSanitizer/GCC.

Tcpdump is clearly asking people to test with the latest releases or SCM code
so I don't think they will start analyzing these cases any further. I can
reproduce these issues in Debian if needed? I'm unable to start making patches
or backports though.

> Next point updates are quite some time afar, so let's wait a bit until
> those new ones have been investigated further.

Tcpdump is planning to publish a new release soon, which fixes security issues.

-- 
Henri Salo



Reply sent to Romain Francoise <rfrancoise@debian.org>:
You have taken responsibility. (Sat, 26 Aug 2017 17:21:14 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 26 Aug 2017 17:21:14 GMT)


Message #57 received at 867718-close@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: 867718-close@bugs.debian.org
Subject: Bug#867718: fixed in tcpdump 4.9.1-1
Date: Sat, 26 Aug 2017 17:19:33 +0000
Source: tcpdump
Source-Version: 4.9.1-1

We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated tcpdump package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 26 Aug 2017 18:48:32 +0200
Source: tcpdump
Binary: tcpdump
Architecture: source
Version: 4.9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Description:
 tcpdump    - command-line network traffic analyzer
Closes: 867718
Changes:
 tcpdump (4.9.1-1) unstable; urgency=medium
 .
   * New upstream release, fixes CVE-2017-11108 (closes: #867718).
   * Bump Standards-Version to 4.1.0.
   * debian/watch: add pgpsigurlmangle option.
   * Add upstream signing key in debian/upstream.
Checksums-Sha1:
 059a77ac6f360e4d1a05f1334ffb764194bfe3cf 2182 tcpdump_4.9.1-1.dsc
 9cad93f6dd2cc52bc6ef90765d278b9fa090e027 1258108 tcpdump_4.9.1.orig.tar.gz
 418c8eefd33b8a6748db6c683ef6648b1f17b86d 442 tcpdump_4.9.1.orig.tar.gz.asc
 84eace348048b716f40a1db0c885adb7a89b6e54 14728 tcpdump_4.9.1-1.debian.tar.xz
 7a44f03c926b76642e243561108d9e34a2806789 4996 tcpdump_4.9.1-1_source.buildinfo
Checksums-Sha256:
 2939fc70d23c11ac39fdebe7af0058bf432fc1c07f65979edf0faf1803d23f28 2182 tcpdump_4.9.1-1.dsc
 f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3 1258108 tcpdump_4.9.1.orig.tar.gz
 8a3891658980a1e09d1f1b04b528174a2f788f22044ff10b200579dceaa9a7ab 442 tcpdump_4.9.1.orig.tar.gz.asc
 c7a391f5d69d68bd79ffc9e3f18e66bd606f79696881361fc7638d5a8eebc14d 14728 tcpdump_4.9.1-1.debian.tar.xz
 e69cd42af5b38653f91d68ad3f8baed1745be5990a23afc334b786e372d53bc3 4996 tcpdump_4.9.1-1_source.buildinfo
Files:
 2fcb0edc312a98efca9e56fa396668b2 2182 net optional tcpdump_4.9.1-1.dsc
 1e0293210b0dea5ef18e88e4150394b7 1258108 net optional tcpdump_4.9.1.orig.tar.gz
 f922bdd5b2583e4ec29a4e7bdd4883f9 442 net optional tcpdump_4.9.1.orig.tar.gz.asc
 42055beb3fa490e5fd1c7d326ab1cd84 14728 net optional tcpdump_4.9.1-1.debian.tar.xz
 39d6b2b74afe2fcd82ec8236c56e0113 4996 net optional tcpdump_4.9.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEvjSXQsqYfs1+d+QtrRX0NfBfli0FAlmhqAkACgkQrRX0NfBf
li3Cgw//eX8NrwV3wW6Y3zY8CBbOJyfOYLtSPYcQvwrbmdmI8NUgOQGIITdeePDG
w0urGmANc6SYCaUSsJ9Z9x6qQICHpaNiVdW47n2jgRlVZgZ/KfDw0NEbJpb2EweK
xwlOzoiEfrej+r+iAtSmfMKKBBX6wOMVIFil0+BOXAAFIQgAFWed/RrUrxv0bw/p
oh43Fx919mRx5+gJ5WxNLJwAqN5Uq7mb2YaAAyDtV/7fl5Z9V+Qh+uYEZUpiNG6o
RJlfrMYpAz/hdjPes4oK3I38rhiFfp4hsKEOvYnXjshlFxBT4zkxaByYYRjC+r9t
9QsxF7ZmF0l0oRWRgddG9cM4SoM7xckTSLMQ16Q2TPBx2nOdnSpUITEbEv0FJciv
i1pPAPqa9euJnerM6srWQE4cC74N3U2ygR6BgfhEuXLxcN0Dy+moJN/DYZZOOB6W
Y3uFJULuEas+KzLH+YVQo/AbXcV4r8X5E5g1jPkOWXYJREqoctb0PS8XgSf2iguc
BNnUZJuAt/S5uggTAKaNcvvi5tg1A6UN1pXEFwRNMAR7lZNfRaBK4mDnp2QGX0VZ
UFvhhVULpjm34cRwy4hO3+iagTW9F6L4QACyXJe+DeMp0sFzP53/O/h4bRhOVGxB
xrIPmnLLpAcm6XGXP8Q7ufbtQR6iW4e9x3dZbFFuCltB2F69a9M=
=Glfy
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#867718; Package tcpdump. (Sat, 26 Aug 2017 20:30:02 GMT)


Acknowledgement sent to Romain Francoise <rfrancoise@debian.org>:
Extra info received and forwarded to list. (Sat, 26 Aug 2017 20:30:02 GMT)


Message #62 received at 867718@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: Henri Salo <henri@nerv.fi>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 867718@bugs.debian.org
Subject: Re: Bug#867718: CVE-2017-11108
Date: Sat, 26 Aug 2017 22:20:30 +0200
Hi,

On Wed, Jul 26, 2017 at 03:27:05PM +0300, Henri Salo wrote:
> These are only issues when using older versions of libpcap. This has
> been verified by me and ack'd by the researcher. For example this
> setup was not affected:
>
> tcpdump version 4.10.0-PRE-GIT_2017_07_24
> libpcap version 1.8.1
> OpenSSL 1.0.1t  3 May 2016
> Compiled with AddressSanitizer/GCC.

Do you know which change in libpcap protects tcpdump from these issues?
And which combinations of tcpdump/libpcap versions are vulnerable?

If these are exploitable we definitely need to backport the protection
to the libpcap in stable...

Thanks,
-- 
Romain Francoise <rfrancoise@debian.org>
https://people.debian.org/~rfrancoise/



Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#867718; Package tcpdump. (Sun, 27 Aug 2017 08:27:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Sun, 27 Aug 2017 08:27:03 GMT)


Message #67 received at 867718@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Romain Francoise <rfrancoise@debian.org>, 867718@bugs.debian.org
Cc: Henri Salo <henri@nerv.fi>, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#867718: CVE-2017-11108
Date: Sun, 27 Aug 2017 10:23:13 +0200
Hi Romain,

On Sat, Aug 26, 2017 at 10:20:30PM +0200, Romain Francoise wrote:
> Hi,
> 
> On Wed, Jul 26, 2017 at 03:27:05PM +0300, Henri Salo wrote:
> > These are only issues when using older versions of libpcap. This has
> > been verified by me and ack'd by the researcher. For example this
> > setup was not affected:
> >
> > tcpdump version 4.10.0-PRE-GIT_2017_07_24
> > libpcap version 1.8.1
> > OpenSSL 1.0.1t  3 May 2016
> > Compiled with AddressSanitizer/GCC.
> 
> Do you know which change in libpcap protects tcpdump from these issues?
> And which combinations of tcpdump/libpcap versions are vulnerable?
> 
> If these are exploitable we definitely need to backport the protection
> to the libpcap in stable...

I'm unsure if those are already really fixed with libpcap 1.8.1.
Unless I did something wrong while checking, at least CVE-2017-11541
and CVE-2017-11542 can be reproduced with an ASAN build of tcpdump
4.9.1 using libpcap 1.8.1 from sid:

https://github.com/hackerlib/hackerlib-vul/issues/1#issuecomment-325183980

I have not tried with HEAD of libpcap git and not tried to bisect.

But this bug was about CVE-2017-11108, so maybe we should better move
the discussion around CVE-2017-11541, CVE-2017-11542 and
CVE-2017-11543 to a new bugreport?

Regards,
Salvatore

p.s.: I'm happy to be corrected/stand corrected to improve what I did
      possibly wrong while checking, so please let me know.



Reply sent to Romain Francoise <rfrancoise@debian.org>:
You have taken responsibility. (Sat, 23 Sep 2017 10:06:07 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 23 Sep 2017 10:06:07 GMT)


Message #72 received at 867718-close@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: 867718-close@bugs.debian.org
Subject: Bug#867718: fixed in tcpdump 4.9.2-1~deb9u1
Date: Sat, 23 Sep 2017 10:03:35 +0000
Source: tcpdump
Source-Version: 4.9.2-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated tcpdump package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 09 Sep 2017 20:33:48 +0200
Source: tcpdump
Binary: tcpdump
Architecture: amd64 source
Version: 4.9.2-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Closes: 867718 873804 873805 873806
Description: 
 tcpdump    - command-line network traffic analyzer
Changes:
 tcpdump (4.9.2-1~deb9u1) stretch-security; urgency=high
 .
   * New upstream release, fixing 90 new CVEs. See the upstream changelog
     for the full list (closes: #867718, #873804, #873805, #873806).
Checksums-Sha1: 
 184e2da682ff3031440bc15a57d7d793835790ca 1953 tcpdump_4.9.2-1~deb9u1.dsc
 f7dccebe94c3d07ac8744d43297ea2b98b35a13f 2298386 tcpdump_4.9.2.orig.tar.gz
 2f2cbaff068f220c33306bd9612928a14a9cafd9 12464 tcpdump_4.9.2-1~deb9u1.debian.tar.xz
 242c59d65f5d2d6ad8f858d8bdf3c87f9788e487 5227 tcpdump_4.9.2-1~deb9u1_source.buildinfo
 ce0d5ff191ef78d54edd7a4484479cf65fc6725d 880512 tcpdump-dbgsym_4.9.2-1~deb9u1_amd64.deb
 e8e95e1f90e072f79541ad82bdf9ea4bfa0420f0 4815 tcpdump_4.9.2-1~deb9u1_amd64.buildinfo
 79a47754723b3a548aff192cea9ad8d440276d85 414652 tcpdump_4.9.2-1~deb9u1_amd64.deb
Checksums-Sha256: 
 e11b0b9ba1ebc10c5ed21e13f372ffb08cd2502d404b680f1e6989c155c64e05 1953 tcpdump_4.9.2-1~deb9u1.dsc
 798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79 2298386 tcpdump_4.9.2.orig.tar.gz
 96a5bdd93c7a30b328bc2096723b64eb0eb440a3b096052db624b4d4ac0c937d 12464 tcpdump_4.9.2-1~deb9u1.debian.tar.xz
 9fdd1d71136ecb377873df7e504735fdd29d04fe78d8c5cb7c93078ddac585cc 5227 tcpdump_4.9.2-1~deb9u1_source.buildinfo
 fe8a42e3861317a4baa1dd5ef475c3d6440b7c1d4f72d1e7f73700ced9b17048 880512 tcpdump-dbgsym_4.9.2-1~deb9u1_amd64.deb
 8e2639b080429c8dd7168e76e8a667380af560efa25335a6ba9ce97a1b0aceb1 4815 tcpdump_4.9.2-1~deb9u1_amd64.buildinfo
 94541bfca7de7bdd3ec51f0ae5b3b92b1e9aaa90ec83e3645520ef23c8c710fa 414652 tcpdump_4.9.2-1~deb9u1_amd64.deb
Files: 
 67875543ce43caa4db110b4430400cd7 1953 net optional tcpdump_4.9.2-1~deb9u1.dsc
 9bbc1ee33dab61302411b02dd0515576 2298386 net optional tcpdump_4.9.2.orig.tar.gz
 6a5d675c6c9debb2ca1cc678b55303d8 12464 net optional tcpdump_4.9.2-1~deb9u1.debian.tar.xz
 8a15410d22a255da2a2a59a84ad34dfb 5227 net optional tcpdump_4.9.2-1~deb9u1_source.buildinfo
 cb78b163a3ddb2570fd317c86a9dc14d 880512 debug extra tcpdump-dbgsym_4.9.2-1~deb9u1_amd64.deb
 2fe0abaeb5f680b9095c3e1a64516264 4815 net optional tcpdump_4.9.2-1~deb9u1_amd64.buildinfo
 c876351c2d46812d30eec389a07c27c1 414652 net optional tcpdump_4.9.2-1~deb9u1_amd64.deb





Reply sent to Romain Francoise <rfrancoise@debian.org>:
You have taken responsibility. (Sat, 23 Sep 2017 20:06:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 23 Sep 2017 20:06:06 GMT)


Message #77 received at 867718-close@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: 867718-close@bugs.debian.org
Subject: Bug#867718: fixed in tcpdump 4.9.2-1~deb8u1
Date: Sat, 23 Sep 2017 20:02:47 +0000
Source: tcpdump
Source-Version: 4.9.2-1~deb8u1

We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated tcpdump package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 09 Sep 2017 21:39:47 +0200
Source: tcpdump
Binary: tcpdump
Architecture: amd64 source
Version: 4.9.2-1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Closes: 867718 873804 873805 873806
Description: 
 tcpdump    - command-line network traffic analyzer
Changes:
 tcpdump (4.9.2-1~deb8u1) jessie-security; urgency=high
 .
   * New upstream release, fixing 90 new CVEs. See the upstream changelog
     for the full list (closes: #867718, #873804, #873805, #873806).
Checksums-Sha1: 
 5511b408ac90d1157b4f54a598150c0c92a7a16b 1950 tcpdump_4.9.2-1~deb8u1.dsc
 09569a91048a05d99fd201acb17244dd09227b3a 12832 tcpdump_4.9.2-1~deb8u1.debian.tar.xz
 3fa24d9d0c6f59df0a684ada33e05aad64630ec8 5171 tcpdump_4.9.2-1~deb8u1_source.buildinfo
 bff0a5af307e9aff5e91b3a0b8ae9bbcc4c56a3e 414518 tcpdump_4.9.2-1~deb8u1_amd64.deb
Checksums-Sha256: 
 e39b80bcd6c082f1b72428b9a20a591de48a399db5e6b94438bb2ff02e2f0e97 1950 tcpdump_4.9.2-1~deb8u1.dsc
 4a778f95c28072499b2156d61123b179b7dd606342d675546e6b7cd0eeb5e6d5 12832 tcpdump_4.9.2-1~deb8u1.debian.tar.xz
 c3d5b796b9624f8ca238bdbb50764548980f5eff2ef675669aa6c383c8c93cdd 5171 tcpdump_4.9.2-1~deb8u1_source.buildinfo
 6bcf465812a09a327caf18360685bece7cb183f45dd6ac3d9bc28f16976edf75 414518 tcpdump_4.9.2-1~deb8u1_amd64.deb
Files: 
 6c9fdef5786f8deec27ab1a9fe4c599b 1950 net optional tcpdump_4.9.2-1~deb8u1.dsc
 26efb3f35c818ddb09363db9690c3882 12832 net optional tcpdump_4.9.2-1~deb8u1.debian.tar.xz
 3fc5218e1bf121e2ed4a9adb21b80f0c 5171 net optional tcpdump_4.9.2-1~deb8u1_source.buildinfo
 9b260d56dbd89931d275c539d1a689d1 414518 net optional tcpdump_4.9.2-1~deb8u1_amd64.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 22 Oct 2017 07:26:42 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:09:27 2019; Machine Name: beach
