Debian Bug report logs - #401742
l2tpns Heartbeat Packets Buffer Overflow Vulnerability

version graph

Package: l2tpns; Maintainer for l2tpns is Jonathan McDowell <noodles@earth.li>; Source for l2tpns is src:l2tpns.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 5 Dec 2006 17:03:29 UTC

Severity: grave

Tags: security

Found in version 2.1.19-1

Fixed in version 2.1.21-1

Done: Stefan Fritsch <sf@sfritsch.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Jonathan McDowell <noodles@earth.li>:
Bug#401742; Package l2tpns. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Jonathan McDowell <noodles@earth.li>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: l2tpns Heartbeat Packets Buffer Overflow Vulnerability
Date: Tue, 05 Dec 2006 17:36:32 +0100
Package: l2tpns
Severity: grave
Tags: security
Justification: user security hole


A vulnerabilit has been found in l2tpns. See
http://secunia.com/advisories/23230/
for details.

According to secunia, it is fixed in 2.1.21.



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#401742; Package l2tpns. Full text and rfc822 format available.

Acknowledgement sent to Jonathan McDowell <noodles@earth.li>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 401742@bugs.debian.org (full text, mbox):

From: Jonathan McDowell <noodles@earth.li>
To: Stefan Fritsch <sf@sfritsch.de>, 401742@bugs.debian.org
Subject: Re: Bug#401742: l2tpns Heartbeat Packets Buffer Overflow Vulnerability
Date: Tue, 5 Dec 2006 17:15:37 +0000
On Tue, Dec 05, 2006 at 05:36:32PM +0100, Stefan Fritsch wrote:
> Package: l2tpns
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> A vulnerabilit has been found in l2tpns. See
> http://secunia.com/advisories/23230/
> for details.
> 
> According to secunia, it is fixed in 2.1.21.

I have already uploaded 2.1.21 to unstable and have contacted the
security team about a backport to 2.0.14 (in sarge).

J.

-- 
"Bother," said Pooh, as Tennents Live put him on the dole.
This .sig brought to you by the letter L and the number 10
Product of the Republic of HuggieTag



Reply sent to Stefan Fritsch <sf@sfritsch.de>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 401742-done@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Jonathan McDowell <noodles@earth.li>
Cc: 401742-done@bugs.debian.org
Subject: Re: Bug#401742: l2tpns Heartbeat Packets Buffer Overflow Vulnerability
Date: Tue, 5 Dec 2006 20:19:26 +0100
version 2.1.21-1

On Tuesday 05 December 2006 18:15, Jonathan McDowell wrote:
> I have already uploaded 2.1.21 to unstable and have contacted the
> security team about a backport to 2.0.14 (in sarge).

Nice! So let's close the bug.



Bug marked as found in version 2.1.19-1. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 2.1.21-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de> Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 09:26:24 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 21:33:51 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.