Re: Tcpdump security update

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tcpdump security update

From:	Marius Bakke
Subject:	Re: Tcpdump security update
Date:	Mon, 30 Jan 2017 21:11:56 +0100
User-agent:	Notmuch/0.23.5 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Leo Famulari <address@hidden> writes:

> I communicated with the tcpdump team and verified that the Debian
> tarball provides the same data (same SHA256 hash) as what's provided
> directly by upstream. But the upstream link is still considered private
> so I'm using the Debian source URL as a courtesy.

Thanks for doing that! Please add a comment with the Debian URL
specifying that it's temporary due to this fix. Otherwise LGTM.

> The Debian security advisory is here:
>
> https://www.debian.org/security/2017/dsa-3775
> From 06b23b7747dedf6fc2386b3fc86bc459999ffa88 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Mon, 30 Jan 2017 14:50:23 -0500
> Subject: [PATCH] gnu: tcpdump: Update to 4.9.0 [security fixes].
>
> Fixes CVE-2016-{7922,7923,7924,7925,7926,7927,7928,7929,7930,7931,7932,7933
> 7934,7935,7936,7937,7938,7939,7940,7973,7974,7975,7983,7984,7985,7986,7992,7993,
> 8574,8575} and CVE-2017-{5202,5203,5204,5205,5341,5342,5482,5483,5484,5485,
> 5486}.

Wow!

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Tcpdump security update, Leo Famulari, 2017/01/30
- Re: Tcpdump security update, Marius Bakke <=
- Re: Tcpdump security update, Marius Bakke, 2017/01/30
  - Re: Tcpdump security update, Leo Famulari, 2017/01/30

Prev by Date: Tcpdump security update
Next by Date: Re: Tcpdump security update
Previous by thread: Tcpdump security update
Next by thread: Re: Tcpdump security update
Index(es):
- Date
- Thread