mactelnet: CVE-2016-7115

Related Vulnerabilities: CVE-2016-7115

Debian Bug report logs - #836320
mactelnet: CVE-2016-7115

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 1 Sep 2016 15:57:01 UTC

Severity: grave

Tags: security, upstream

Found in versions mactelnet/0.3.4-1, mactelnet/0.4.0-1

Fixed in versions mactelnet/0.3.4-1+deb7u1, mactelnet/0.4.4-4

Done: Håkon Nessjøen <haakon.nessjoen@gmail.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Håkon Nessjøen <haakon.nessjoen@gmail.com>:
Bug#836320; Package src:mactelnet. (Thu, 01 Sep 2016 15:57:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Håkon Nessjøen <haakon.nessjoen@gmail.com>. (Thu, 01 Sep 2016 15:57:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mactelnet: CVE-2016-7115
Date: Thu, 01 Sep 2016 17:54:04 +0200
Source: mactelnet
Version: 0.4.0-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for mactelnet.

CVE-2016-7115[0]:
| Buffer overflow in the handle_packet function in mactelnet.c in the
| client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to
| execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT
| control packet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7115

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
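
The bug class named in the CVE text above (a length declared by the server in a control packet and used to copy into a fixed-size client buffer) next to the check that prevents it, as an added C example that is not MAC-Telnet's code and not part of the original report. The struct layout, the 16-byte salt size, the type code and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for illustration; not MAC-Telnet's real definitions. */
#define SALT_LEN    16   /* assumed fixed size of the password salt */
#define CP_PASSSALT 1    /* hypothetical type code for the salt packet */

struct ctrl_pkt {            /* one control packet parsed off the wire */
    uint8_t        type;
    uint32_t       length;   /* declared by the server: untrusted */
    const uint8_t *data;
};

/* Unsafe pattern: the declared length is trusted, so any value above
 * SALT_LEN writes past the end of salt. Kept for contrast, never called. */
void store_salt_unchecked(uint8_t salt[SALT_LEN], const struct ctrl_pkt *p)
{
    memcpy(salt, p->data, p->length);
}

/* Hardened form: returns 0 on success, -1 if the packet is rejected. */
int store_salt_checked(uint8_t salt[SALT_LEN], const struct ctrl_pkt *p, size_t received)
{
    if (p->type != CP_PASSSALT || p->data == NULL)
        return -1;
    if (p->length > received)    /* claims more bytes than actually arrived */
        return -1;
    if (p->length != SALT_LEN)   /* fixed-size destination: require exact fit */
        return -1;
    memcpy(salt, p->data, SALT_LEN);
    return 0;
}

/* Runs the checked path on a constructed 32-byte payload with a chosen length. */
int try_salt(uint32_t declared_len)
{
    static const uint8_t wire[32] = {0};   /* constructed sample payload */
    uint8_t salt[SALT_LEN];
    struct ctrl_pkt p = { CP_PASSSALT, declared_len, wire };
    return store_salt_checked(salt, &p, sizeof wire);
}

int main(void)
{
    printf("len 16 -> %d, len 17 -> %d, len 200 -> %d\n",
           try_salt(16), try_salt(17), try_salt(200));
    return 0;
}
```

Rejecting every length other than the expected one also covers short packets, which would otherwise leave part of the salt uninitialized.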



Marked as found in versions mactelnet/0.3.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 25 Sep 2016 18:24:05 GMT)


Marked as fixed in versions mactelnet/0.3.4-1+deb7u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 25 Sep 2016 18:24:05 GMT)


Reply sent to Håkon Nessjøen <haakon.nessjoen@gmail.com>:
You have taken responsibility. (Sat, 31 Dec 2016 18:54:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 31 Dec 2016 18:54:05 GMT)


Message #14 received at 836320-close@bugs.debian.org:

From: Håkon Nessjøen <haakon.nessjoen@gmail.com>
To: 836320-close@bugs.debian.org
Subject: Bug#836320: fixed in mactelnet 0.4.4-4
Date: Sat, 31 Dec 2016 18:51:25 +0000
Source: mactelnet
Source-Version: 0.4.4-4

We believe that the bug you reported is fixed in the latest version of
mactelnet, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 836320@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Håkon Nessjøen <haakon.nessjoen@gmail.com> (supplier of updated mactelnet package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 11 Oct 2016 14:36:00 +0200
Source: mactelnet
Binary: mactelnet-client mactelnet-server
Architecture: source amd64
Version: 0.4.4-4
Distribution: unstable
Urgency: low
Maintainer: Håkon Nessjøen <haakon.nessjoen@gmail.com>
Changed-By: Håkon Nessjøen <haakon.nessjoen@gmail.com>
Description:
 mactelnet-client - Console tools for telneting and pinging via MAC addresses
 mactelnet-server - Telnet daemon for accepting connections via MAC addresses
Closes: 836320
Changes:
 mactelnet (0.4.4-4) unstable; urgency=low
 .
   * Updated debhelper build-depends version, to reflect compat level.
 .
 mactelnet (0.4.4-3) unstable; urgency=low
 .
   * Updated compat level
   * Changed vcs url to https
   * Added PIE hardening
 .
 mactelnet (0.4.4-2) unstable; urgency=low
 .
   * Updated standards version to 3.9.8
   * Added automake/autoconf to build-depends
 .
 mactelnet (0.4.4-1) unstable; urgency=low
 .
   * Upstream release 0.4.4
   * Includes upstream bugfix of CVE 2016-7115 (closes: #836320)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 Jul 2017 07:33:03 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:22:14 2019; Machine Name: beach
