Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2017-3224

Related Vulnerabilities: CVE-2017-3224  

Source

Debian Bug report logs - #871617
CVE-2017-3224

Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweird.co.uk>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 9 Aug 2017 23:15:02 UTC

Severity: important

Tags: security

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Scott Leggett <scott@sl.id.au>:
Bug#871617; Package src:quagga. (Wed, 09 Aug 2017 23:15:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Scott Leggett <scott@sl.id.au>. (Wed, 09 Aug 2017 23:15:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-3224
Date: Thu, 10 Aug 2017 01:10:46 +0200
Source: quagga
Severity: important
Tags: security

Please see http://www.kb.cert.org/vuls/id/793496

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Scott Leggett <scott@sl.id.au>:
Bug#871617; Package src:quagga. (Sat, 30 Sep 2017 16:27:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
Extra info received and forwarded to list. Copy sent to Scott Leggett <scott@sl.id.au>. (Sat, 30 Sep 2017 16:27:05 GMT) (full text, mbox, link).

Message #10 received at 871617@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: 871617@bugs.debian.org, scott@sl.id.au
Subject: Re: CVE-2017-3224
Date: Sat, 30 Sep 2017 18:24:55 +0200
On Thu, Aug 10, 2017 at 01:10:46AM +0200, Moritz Muehlenhoff wrote:
> Source: quagga
> Severity: important
> Tags: security
> 
> Please see http://www.kb.cert.org/vuls/id/793496

What's the status, is that fixed upstream?

> 
> Cheers,
>         Moritz
>  
>

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#871617; Package src:quagga. (Sun, 08 Oct 2017 11:24:06 GMT) (full text, mbox, link).

Acknowledgement sent to Scott Leggett <scott@sl.id.au>:
Extra info received and forwarded to list. (Sun, 08 Oct 2017 11:24:06 GMT) (full text, mbox, link).

Message #15 received at 871617@bugs.debian.org (full text, mbox, reply):

From: Scott Leggett <scott@sl.id.au>
To: Moritz Muehlenhoff <jmm@debian.org>, 871617@bugs.debian.org
Subject: Re: Bug#871617: CVE-2017-3224
Date: Sun, 8 Oct 2017 22:12:35 +1100
[Message part 1 (text/plain, inline)]
On 2017-09-30.18:24, Moritz Muehlenhoff wrote:
> On Thu, Aug 10, 2017 at 01:10:46AM +0200, Moritz Muehlenhoff wrote:
> > Source: quagga
> > Severity: important
> > Tags: security
> > 
> > Please see http://www.kb.cert.org/vuls/id/793496
> 
> What's the status, is that fixed upstream?

Hi Moritz,

Sorry I didn't respond earlier on this.

No, this is not fixed in any version of quagga.

I have discussed this CVE with upstream and they don't see it as a very
high impact bug.

-- 
Regards,
Scott.

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Brett Parker <iDunno@sommitrealweird.co.uk>:
Bug#871617; Package src:quagga. (Fri, 08 Feb 2019 21:57:08 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Brett Parker <iDunno@sommitrealweird.co.uk>. (Fri, 08 Feb 2019 21:57:08 GMT) (full text, mbox, link).

Message #20 received at 871617@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Scott Leggett <scott@sl.id.au>
Cc: 871617@bugs.debian.org
Subject: Re: Bug#871617: CVE-2017-3224
Date: Fri, 8 Feb 2019 22:55:17 +0100
On Sun, Oct 08, 2017 at 10:12:35PM +1100, Scott Leggett wrote:
> On 2017-09-30.18:24, Moritz Muehlenhoff wrote:
> > On Thu, Aug 10, 2017 at 01:10:46AM +0200, Moritz Muehlenhoff wrote:
> > > Source: quagga
> > > Severity: important
> > > Tags: security
> > > 
> > > Please see http://www.kb.cert.org/vuls/id/793496
> > 
> > What's the status, is that fixed upstream?
> 
> Hi Moritz,
> 
> Sorry I didn't respond earlier on this.
> 
> No, this is not fixed in any version of quagga.
> 
> I have discussed this CVE with upstream and they don't see it as a very
> high impact bug.

Has this been fixed in the mean time?

Cheers,
        Moritz

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:19:47 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started