Debian Package Tracker

general

source: tcpreplay (main)
version: 4.3.1-2
maintainer: Christoph Biedl [DMD]
arch: any
std-ver: 4.3.0
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.4.4-2+deb8u1
stable: 3.4.4-3
testing: 4.3.1-1
unstable: 4.3.1-2

versioned links

3.4.4-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.3.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

tcpreplay

action needed

A new upstream version is available: 4.3.2 high

A new upstream version 4.3.2 is available, you should consider packaging it.

Created: 2019-03-13 Last update: 2019-04-23 10:03

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-03-23 Last update: 2019-04-23 14:33

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-11-20 Last update: 2019-04-23 09:31

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2018-17582: Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
CVE-2018-20552: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVE-2018-13112: get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVE-2018-17974: An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVE-2018-17580: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVE-2018-18408: A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVE-2018-20553: Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVE-2018-18407: A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.

Please fix them.

Created: 2018-07-04 Last update: 2019-03-13 18:17

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-17582: Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
CVE-2018-20552: Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVE-2018-13112: get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVE-2018-17974: An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVE-2018-17580: A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVE-2018-18408: A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVE-2018-20553: Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVE-2018-18407: A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.

Please fix them.

Created: 2018-07-04 Last update: 2019-03-13 18:17

testing migrations

excuses:
- 41 days old (5 needed)
- Piuparts tested OK - https://piuparts.debian.org/sid/source/t/tcpreplay.html
- Not touching package due to block request by freeze (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-03-13] Accepted tcpreplay 4.3.1-2 (source) into unstable (Christoph Biedl)
[2019-02-22] tcpreplay 4.3.1-1 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted tcpreplay 4.3.1-1 (source) into unstable (Christoph Biedl)
[2017-08-07] tcpreplay 4.2.6-1 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted tcpreplay 4.2.6-1 (source armel) into unstable (Christoph Biedl)
[2017-06-20] tcpreplay 4.2.5-1 MIGRATED to testing (Debian testing watch)
[2017-05-16] Accepted tcpreplay 4.2.6-1~exp1 (source powerpc) into experimental (Christoph Biedl)
[2017-05-09] Accepted tcpreplay 4.2.5-1 (source powerpc) into unstable (Christoph Biedl)
[2017-04-30] Accepted tcpreplay 4.2.4-1 (source powerpc) into unstable (Christoph Biedl)
[2016-07-09] tcpreplay 3.4.4-3 MIGRATED to testing (Debian testing watch)
[2016-07-08] Accepted tcpreplay 3.4.4-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Christoph Biedl) (signed by: Salvatore Bonaccorso)
[2016-07-07] Accepted tcpreplay 3.4.3-2+wheezy2 (source amd64) into oldstable (signed by: Salvatore Bonaccorso)
[2016-07-03] Accepted tcpreplay 3.4.4-3 (source amd64) into unstable (Noël Köthe) (signed by: Noèl Köthe)
[2013-05-05] tcpreplay 3.4.4-2 MIGRATED to testing (Debian testing watch)
[2012-07-16] tcpreplay 3.4.3-2+wheezy1 MIGRATED to testing (Debian testing watch)
[2012-07-13] Accepted tcpreplay 3.4.3-2+wheezy1 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2012-07-07] Accepted tcpreplay 3.4.4-2 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2012-07-06] Accepted tcpreplay 3.4.4-1 (source amd64) (Noël Köthe) (signed by: Noèl Köthe)
[2009-08-06] tcpreplay 3.4.3-2 MIGRATED to testing (Debian testing watch)
[2009-07-25] Accepted tcpreplay 3.4.3-2 (source amd64) (Noèl Köthe)
[2009-07-09] tcpreplay 3.4.3-1 MIGRATED to testing (Debian testing watch)
[2009-06-26] Accepted tcpreplay 3.4.3-1 (source amd64) (Noèl Köthe)
[2009-03-04] tcpreplay 3.4.1-1 MIGRATED to testing (Debian testing watch)
[2009-02-21] Accepted tcpreplay 3.4.1-1 (source amd64) (Noèl Köthe)
[2009-02-16] tcpreplay 3.3.2-1 MIGRATED to testing (Debian testing watch)
[2008-11-15] Accepted tcpreplay 3.3.2-1 (source amd64) (Noèl Köthe)
[2008-06-02] tcpreplay 3.3.1-1 MIGRATED to testing (Debian testing watch)
[2008-05-22] Accepted tcpreplay 3.3.1-1 (source amd64) (Noèl Köthe)
[2008-01-31] tcpreplay 3.2.4-1 MIGRATED to testing (Debian testing watch)
[2008-01-20] Accepted tcpreplay 3.2.4-1 (source amd64) (Noèl Köthe)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.3.1-2
1 bug (1 patch)