Bug#567926: marked as done (gpgsm: passphrase changing issue with X509 certificates (Werner Koch 26th of January 2010))

Mon, 17 May 2010 14:54:32 -0700 

Your message dated Mon, 17 May 2010 21:52:03 +0000
with message-id <e1oe8ef-0000zw...@ries.debian.org>
and subject line Bug#567926: fixed in gnupg2 2.0.14-1.1
has caused the Debian Bug report #567926,
regarding gpgsm: passphrase changing issue with X509 certificates (Werner Koch 
26th of January 2010)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
567926: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gpgsm
Version: 2.0.14-1
Severity: grave
Justification: causes non-serious data loss

Werner Koch discovered a problem with passphrases for x509
certificates in 2.0.14, he also send around a patch on
2010-01-26, e.g. see:
http://marc.info/?l=gnupg-users&m=126451730710129&w=2

This has a data loss scenario, given a few conditions you 
cannot use your keys anymore:
| If you now try to use the key and enter the passphrase,
| gpg-agent uses the wrong iteration count from the file (65536) and thus
| can't unprotect the key.

Bernhard

--- End Message ---
--- Begin Message --- 
Source: gnupg2
Source-Version: 2.0.14-1.1

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive:

gnupg-agent_2.0.14-1.1_i386.deb
  to main/g/gnupg2/gnupg-agent_2.0.14-1.1_i386.deb
gnupg2_2.0.14-1.1.debian.tar.bz2
  to main/g/gnupg2/gnupg2_2.0.14-1.1.debian.tar.bz2
gnupg2_2.0.14-1.1.dsc
  to main/g/gnupg2/gnupg2_2.0.14-1.1.dsc
gnupg2_2.0.14-1.1_i386.deb
  to main/g/gnupg2/gnupg2_2.0.14-1.1_i386.deb
gpgsm_2.0.14-1.1_i386.deb
  to main/g/gnupg2/gpgsm_2.0.14-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martijn van Brummelen <mart...@brumit.nl> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 May 2010 06:23:55 +0200
Source: gnupg2
Binary: gnupg-agent gpgsm gnupg2
Architecture: source i386
Version: 2.0.14-1.1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <e...@debian.org>
Changed-By: Martijn van Brummelen <mart...@brumit.nl>
Description: 
 gnupg-agent - GNU privacy guard - password agent
 gnupg2     - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm      - GNU privacy guard - S/MIME version
Closes: 567926
Changes: 
 gnupg2 (2.0.14-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Added encode-s2k.patch(Encode the s2kcount and do not use a
     static value of 96.(thanks to Werner Koch) (closes: #567926).
Checksums-Sha1: 
 3b16b4e3e73c2a60f97ec2998bf69ed20aa39322 2048 gnupg2_2.0.14-1.1.dsc
 09cb95a88f298b5fd6ab71de66d395d592413efb 39287 gnupg2_2.0.14-1.1.debian.tar.bz2
 e34d78d99298a94a4cccc1f9109913ee530bf7c8 291318 gnupg-agent_2.0.14-1.1_i386.deb
 239b1721579692ee574f73e4553db2e500fc1b81 468858 gpgsm_2.0.14-1.1_i386.deb
 c0b03693b23faba9fab5c57a0ddaeedbc3403444 2209108 gnupg2_2.0.14-1.1_i386.deb
Checksums-Sha256: 
 9e3bf1888347114f21754b729ea8409774b02c7a005f3c30e244b01b14734524 2048 
gnupg2_2.0.14-1.1.dsc
 3c6e9901f714b6040352eecbc542b264ff4416c04c83277b941af206ee018b7c 39287 
gnupg2_2.0.14-1.1.debian.tar.bz2
 526020afe2f5e22d9d7681628ed3262d3cf45b863bd3f002ec656292ab5b4371 291318 
gnupg-agent_2.0.14-1.1_i386.deb
 b272b9a523127381b1241e0a595a0f3e704eda8b651e2de67475862076cafacf 468858 
gpgsm_2.0.14-1.1_i386.deb
 6374d91b417569fa933b34dc82b7b5d4b8197a3bfd0fe9f403deddabba71c1d9 2209108 
gnupg2_2.0.14-1.1_i386.deb
Files: 
 517238bc584161258cbf5fefd2df7e59 2048 utils optional gnupg2_2.0.14-1.1.dsc
 04d029968e4cf769a4ea14ca4f52acb2 39287 utils optional 
gnupg2_2.0.14-1.1.debian.tar.bz2
 e007cd2f585bb4734067542bdb9711d9 291318 utils optional 
gnupg-agent_2.0.14-1.1_i386.deb
 f4ec65539a71e93bea0380be4989361d 468858 utils optional 
gpgsm_2.0.14-1.1_i386.deb
 1b3963df69de7eeec9f0d0af97976e9b 2209108 utils optional 
gnupg2_2.0.14-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJL7bpoAAoJEKv/7bJACMb55HQQAJSo98Dqo93ea9UsIYMkvrJ/
vYJIDyZVcvqzQlDCWYSAaL85sMXc1LuFe2o4bEw/YBjx3hyElOOFBiIfJaB0GrkU
eEg/iACtJr+hZCWOhsX9A0MpPGFI69UOaIBri3lbYbcQ7UJCdZV4guwmtf/bLLWy
W3qf1DGkH3geoanVweeQgHaoq0ILaXdzxXcLXwc1PhEL5dvUnD2Jt3NedF456bDE
R6OTSPoRuxySOSyAcmzE64i1RSPEurByO0R8iAnLEZmYmGBgp3fEjq4lDkWrM+/F
bow7HTLq1Sj0m5E9flhyP6wgDkTI89ZtGlPeEoKsktOxai3tT2YcG9xZRBBdR5Dc
mznw/BiEahUlCUqhvQMCbpQWlS5k07jMNeqGbLRp6E5ZiQ4jJe2VwdyhMBTpy3pb
a8T9f9+LDuA55Zb3gM4uMRQjwcjwLi7irNCsIumZ2hHQ/399NRkYNXGrSeFBQyZd
gT21007lF7+3xD2jA7XFCE3tjzSTc+y7B5pNBobAMXic2YyeNwj2lGkCFRWl+49Y
Y+b0x3TdOP3qT5M8c/TYabXwutefsEIH5oAU16UpBt4JVFuiA+EuTw3wN/8DcZ/e
qmC9aTTERIO9yJ6+CpYNpsokTeGT+J68ajX6LEJH+e0fJjXIkPBFEU7WjoVAbVlm
WJERvv7JZHi+sSObX8w6
=Emh3
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to