- Package:
- src:suricata
- Source:
- suricata
- Submitter:
- Salvatore Bonaccorso
- Date:
- 2023-04-11 04:57:05 UTC
- Severity:
- important
- Tags:
Details: https://redmine.openinfosecfoundation.org/issues/2019 Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1) No CVE assigned yet. Can you please update the bug once known. Regards, Salvatore
Hi, Any update with getting a CVE on this? :) Regards,
Hello Chris, No, unfortuantely we haven't heard back yet. Regards, Salvatore
Control: retitle -1 suricata: CVE-2017-7177: IPv4 defrag evasion issue It's CVE-2017-7177. I have updated the security-tracker. Regards, Salvatore
Yes, thanks Salvatore. All seems right. The upload with the fix is in unstable, in his way for stretch. I would like to ask, What are your plans regarding wheezy?
Hi Arturo, Just jumping in here as I just had a look at backporting this patch. I think there might be some issues with the upstream patch anyway, eg.: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303 Apart from that, how about:
Hi, (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649) Can we just close this bug? This has been addressed for years, and I am not sure we need to keep these open forever. Thanks and best regards Sascha
Hi, Can you pin point the upstream version where this was fixed? Regards, Salvatore
Hi Salvatore, It's upstream version 3.2.1, which is confirmed by the tags listed in the commit on GitHub and the target version of the fix in upstream's Redmine. That version was uploaded to unstable later in March 2017 [2]. Just FYI: we're at 6.0.10 now. Best regards Sascha [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649#5 [2] https://tracker.debian.org/news/841144/accepted-suricata-321-1-source-into-unstable/
Hi Sascha, Wow that is embarassing :-(. Yes let's close this bug. Metadata was already tracking it correctly, but there is no point in keeping the bug open. Thanks for prodding again. Regards, Salvatore
Hi Sascha, Wow that is embarassing :-(. Yes let's close this bug. Metadata was already tracking it correctly, but there is no point in keeping the bug open. Thanks for prodding again. Regards, Salvatore