debcrafters-packages team mailing list archive

Thread
Date
[Bug 2130147] [NEW] Merge iputils from Debian Unstable for resolute

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Lena Voytek <2130147@xxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Oct 2025 20:20:50 -0000
Reply-to: Bug 2130147 <2130147@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 3:20240905-3ubuntu3
Debian Unstable: 3:20250605-1

A new release of iputils is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the resolute Release Notes:
https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/

### New Debian Changes ###

iputils (3:20250605-1) unstable; urgency=medium

  * New upstream release
    - Fix CVE-2025-47268: Signed 64-bit integer overflow in RTT calculation
      (Closes: #1104746)
    - Fix CVE-2025-48964: Integer Overflow in ping Statistics via Zero
      Timestamp (Closes: #1109728)

 -- Noah Meyerhans <noahm@xxxxxxxxxx>  Thu, 24 Jul 2025 08:58:19 -0400


### Old Ubuntu Delta ###

iputils (3:20240905-3ubuntu3) questing; urgency=medium

  * Rebuild to include updated RISC-V base ISA RVA23

 -- Heinrich Schuchardt <heinrich.schuchardt@xxxxxxxxxxxxx>  Fri, 05 Sep
2025 15:16:58 +0000

iputils (3:20240905-3ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
    - debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
      RTT calculation in iputils_common.h, ping/ping_common.c.
    - debian/patches/CVE-2025-48964.patch: fix moving average rtt
      calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
    - CVE-2025-47268
    - CVE-2025-48964

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 24 Jul 2025
07:45:14 -0400

iputils (3:20240905-3ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2112014). Remaining changes:
    - d/iputils-pings.postinst: Revert the setcap removal on ping as the
      current solution based on net.ipv4.ping_group_range doesn't work by
      default in containers. (LP #2089938)

 -- Ankush Pathak <ankush.pathak@xxxxxxxxxxxxx>  Mon, 09 Jun 2025
13:31:16 +0530

** Affects: iputils (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dcr-merge

** Changed in: iputils (Ubuntu)
    Milestone: None => ubuntu-25.11

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/2130147

Title:
  Merge iputils from Debian Unstable for resolute

Status in iputils package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.11
  Ubuntu: 3:20240905-3ubuntu3
  Debian Unstable: 3:20250605-1

  A new release of iputils is available for merging from Debian
  Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally)
  update the title as desired.

  If this merge pulls in a new upstream version, also consider adding an
  entry to the resolute Release Notes:
  https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/

  ### New Debian Changes ###

  iputils (3:20250605-1) unstable; urgency=medium

    * New upstream release
      - Fix CVE-2025-47268: Signed 64-bit integer overflow in RTT calculation
        (Closes: #1104746)
      - Fix CVE-2025-48964: Integer Overflow in ping Statistics via Zero
        Timestamp (Closes: #1109728)

   -- Noah Meyerhans <noahm@xxxxxxxxxx>  Thu, 24 Jul 2025 08:58:19 -0400


  ### Old Ubuntu Delta ###

  iputils (3:20240905-3ubuntu3) questing; urgency=medium

    * Rebuild to include updated RISC-V base ISA RVA23

   -- Heinrich Schuchardt <heinrich.schuchardt@xxxxxxxxxxxxx>  Fri, 05
  Sep 2025 15:16:58 +0000

  iputils (3:20240905-3ubuntu2) questing; urgency=medium

    * SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
      - debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
        RTT calculation in iputils_common.h, ping/ping_common.c.
      - debian/patches/CVE-2025-48964.patch: fix moving average rtt
        calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
      - CVE-2025-47268
      - CVE-2025-48964

   -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 24 Jul 2025
  07:45:14 -0400

  iputils (3:20240905-3ubuntu1) questing; urgency=medium

    * Merge with Debian unstable (LP: #2112014). Remaining changes:
      - d/iputils-pings.postinst: Revert the setcap removal on ping as the
        current solution based on net.ipv4.ping_group_range doesn't work by
        default in containers. (LP #2089938)

   -- Ankush Pathak <ankush.pathak@xxxxxxxxxxxxx>  Mon, 09 Jun 2025
  13:31:16 +0530

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/2130147/+subscriptions