Bug#324167: marked as done (OpenVPN 2.0-1 vulnerabilities)

Debian Bug Tracking System Mon, 29 Aug 2005 07:49:56 -0700

Your message dated Mon, 29 Aug 2005 07:17:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#324167: fixed in openvpn 2.0.2-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Aug 2005 16:59:48 +0000
>From [EMAIL PROTECTED] Sat Aug 20 09:59:48 2005
Return-path: <[EMAIL PROTECTED]>
Received: from sailormoon.luusa.org [212.201.68.186] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1E6WhA-0002aA-00; Sat, 20 Aug 2005 09:59:48 -0700
Received: from localhost (localhost.luusa.org [127.0.0.1])
        by sailormoon.luusa.org (Postfix) with ESMTP id 76A8AD6962
        for <[EMAIL PROTECTED]>; Sat, 20 Aug 2005 18:59:46 +0200 (CEST)
Received: from sailormoon.luusa.org ([127.0.0.1])
        by localhost (sailormoon.luusa.org [127.0.0.1]) (amavisd-new, port 
10024)
        with LMTP id 17677-02 for <[EMAIL PROTECTED]>;
        Sat, 20 Aug 2005 18:59:42 +0200 (CEST)
Received: from leh.stw-bonn.de (leh.stw-bonn.de [212.201.70.10])
        by sailormoon.luusa.org (Postfix) with ESMTP id 3639DD6961
        for <[EMAIL PROTECTED]>; Sat, 20 Aug 2005 18:59:42 +0200 (CEST)
From: Daniel Lehmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: OpenVPN 2.0-1 vulnerabilities
Date: Sat, 20 Aug 2005 18:59:40 +0200
User-Agent: KMail/1.8
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new at luusa.org
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: openvpn
Version: 2.0-1
Severity: grave
Tags: security, fixed-upstream

OpenVPN 2.0-1 contains serveral security related problems as described in 
CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534.
Fixed upstream in Version 2.0.1, changelog avaible here: 
http://openvpn.net/changelog.html


---------------------------------------
Received: (at 324167-close) by bugs.debian.org; 29 Aug 2005 14:18:38 +0000
>From [EMAIL PROTECTED] Mon Aug 29 07:18:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1E9kRf-0005pR-00; Mon, 29 Aug 2005 07:17:07 -0700
From: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#324167: fixed in openvpn 2.0.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 29 Aug 2005 07:17:07 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 7

Source: openvpn
Source-Version: 2.0.2-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive:

openvpn_2.0.2-1.diff.gz
  to pool/main/o/openvpn/openvpn_2.0.2-1.diff.gz
openvpn_2.0.2-1.dsc
  to pool/main/o/openvpn/openvpn_2.0.2-1.dsc
openvpn_2.0.2-1_i386.deb
  to pool/main/o/openvpn/openvpn_2.0.2-1_i386.deb
openvpn_2.0.2.orig.tar.gz
  to pool/main/o/openvpn/openvpn_2.0.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[EMAIL PROTECTED]> (supplier of updated openvpn 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 28 Aug 2005 13:05:49 +0200
Source: openvpn
Binary: openvpn
Architecture: source i386
Version: 2.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Changed-By: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Description: 
 openvpn    - Virtual Private Network daemon
Closes: 309787 309944 312371 316139 317987 323594 324167
Changes: 
 openvpn (2.0.2-1) unstable; urgency=low
 .
   * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
   * New upstream release (Closes: #323594)
   * Fixed use of backslash in username authentication. (Closes: #309787)
   * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
     CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
   * Changed group option from 'nobody' to 'nogroup' in all the
     *example* files... (Closes: #317987)
   * Included openvpn-plugin.h to allow building third party plugins.
     (Closes: #316139)
   * Stop openvpn's daemon later to allow some services stopping later to use
     it. Added debconf template to ask permission to make the change
     on older installations. (Closes: #312371)
   * Workaround to fix proper daemonize when 'log' option is used.
     (Closes: #309944) Thanks Jason Lunz for the patch.
   * Modified output of init.d script to make it more friendly when
     passphrase for a tunnel certificate is asked.
     Thanks Pavel VÃ¡vra for the patch.
Files: 
 33cba9bbc6d3c8691eaceac3f929638f 623 net optional openvpn_2.0.2-1.dsc
 862f8788f080f669b1ae00a74ef68001 663246 net optional openvpn_2.0.2.orig.tar.gz
 d5dbf77eea303a4b78b6e09d12ec8fd6 51411 net optional openvpn_2.0.2-1.diff.gz
 e2bef6b8a9be66dc13ffe345ce019ac2 317300 net optional openvpn_2.0.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDEbIZxRSvjkukAcMRAoNWAJ9EFt3zRuFavfmnbFsw4I9KCaKNtQCfZf4g
15FFPYKSAxVI/cIcrEclrrE=
=WunN
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#324167: marked as done (OpenVPN 2.0-1 vulnerabilities)

Reply via email to