Bug#511262: marked as done (CVE-2009-0050: Insufficient certificate validation)

Fri, 16 Jan 2009 18:14:19 -0800 

Your message dated Sat, 17 Jan 2009 01:52:23 +0000
with message-id <e1lo0mj-0005y3...@ries.debian.org>
and subject line Bug#511262: fixed in lasso 0.6.5-3+etch1
has caused the Debian Bug report #511262,
regarding CVE-2009-0050: Insufficient certificate validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
511262: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511262
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: lasso
Severity: grave
Tags: security
Justification: user security hole

Please see the following references for lasso and the recent
OpenSSL issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0050 
http://www.ocert.org/advisories/ocert-2008-016.html

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
Source: lasso
Source-Version: 0.6.5-3+etch1

We believe that the bug you reported is fixed in the latest version of
lasso, which is due to be installed in the Debian FTP archive:

lasso_0.6.5-3+etch1.diff.gz
  to pool/main/l/lasso/lasso_0.6.5-3+etch1.diff.gz
lasso_0.6.5-3+etch1.dsc
  to pool/main/l/lasso/lasso_0.6.5-3+etch1.dsc
liblasso-java_0.6.5-3+etch1_i386.deb
  to pool/main/l/lasso/liblasso-java_0.6.5-3+etch1_i386.deb
liblasso3-dev_0.6.5-3+etch1_i386.deb
  to pool/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_i386.deb
liblasso3_0.6.5-3+etch1_i386.deb
  to pool/main/l/lasso/liblasso3_0.6.5-3+etch1_i386.deb
php4-lasso_0.6.5-3+etch1_i386.deb
  to pool/main/l/lasso/php4-lasso_0.6.5-3+etch1_i386.deb
python-lasso_0.6.5-3+etch1_i386.deb
  to pool/main/l/lasso/python-lasso_0.6.5-3+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frederic Peters <fpet...@debian.org> (supplier of updated lasso package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 09 Jan 2009 11:52:20 +0100
Source: lasso
Binary: liblasso3 python-lasso php4-lasso liblasso-java liblasso3-dev
Architecture: source i386
Version: 0.6.5-3+etch1
Distribution: stable-security
Urgency: high
Maintainer: Frederic Peters <fpet...@debian.org>
Changed-By: Frederic Peters <fpet...@debian.org>
Description: 
 liblasso-java - Liberty ID-FF library - Java bindings
 liblasso3  - Liberty ID-FF library - runtime library
 liblasso3-dev - Liberty ID-FF library - development kit
 php4-lasso - Liberty ID-FF library - PHP 4 bindings
 python-lasso - Liberty ID-FF library - Python bindings
Closes: 511262
Changes: 
 lasso (0.6.5-3+etch1) stable-security; urgency=high
 .
   * Backported security fixes from 2.2.2
     * Correctly check for signature validity (CVE-2009-0050) (Closes: #511262)
Files: 
 a2975d5f40cc77b4416189c91b640626 1149 libs optional lasso_0.6.5-3+etch1.dsc
 6263375e5910577258a04882b50d58cd 1420093 libs optional lasso_0.6.5.orig.tar.gz
 1795008d78e35b8e3a098e5f72fabe68 7571 libs optional lasso_0.6.5-3+etch1.diff.gz
 68f12ada6b09b127957371f95f77df77 161366 libdevel optional 
liblasso3-dev_0.6.5-3+etch1_i386.deb
 0926b46ed2e93ddf24693fdf61828521 86676 libs optional 
liblasso3_0.6.5-3+etch1_i386.deb
 105a00318a2b57dea1c3957c976ba73e 166418 python optional 
python-lasso_0.6.5-3+etch1_i386.deb
 b4ba5bb2f5d38d3b60493433425c3a11 184638 web optional 
php4-lasso_0.6.5-3+etch1_i386.deb
 594c2da1dfaea16e7f52245b5eed87aa 182136 libs optional 
liblasso-java_0.6.5-3+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJZztgAAoJEGz0hbPcukPfzOwH/0+wztgPo672XoBMt/pl7xtq
/zOrgqcT/vlWsRtsKElHs0H3ZSYm9SURLeP6YVOjCLcQJvxN01BaMDbaj64SFdoe
Kuq2VxZpR9KMKPC20ZDhaIEwh6Sat3GQH1ReLTmmFiYff2g+Cg0s9ItdN12zcsVp
wCiY952jNdKwT1/I9Hd3OjSVtG5eMMFuePSC6F2ExuH4T7pFJCfZbBhaXTh8jdMQ
qfqa6rTAXkAigDemDLbHTBBoBcepFFLX13etj+N7NLZS02VZaDoFTbkXyM8FlApV
DUfi07ENqn3dg1LOL9kM9jBnnqA/N1JdNmYoYLGW5uOJfJEbF8wbcZSgaZdXrlo=
=mFZ6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to