Your message dated Sat, 11 Feb 2012 18:47:37 +0000
with message-id <e1rwhyz-000827...@franck.debian.org>
and subject line Bug#658821: fixed in gmp 2:5.0.4+dfsg-1
has caused the Debian Bug report #658821,
regarding Serious bug affecting cryptographic applications
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
658821: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgmp10
Version: 2:5.0.3+dfsg-1
Severity: grave
File: libgmp
Tags: upstream

Date: Tue, 31 Jan 2012 10:31:41 +0100
From: Torbjorn Granlund <t...@gmplib.org>
To: gmp-annou...@gmplib.org
Subject: Buffer overrun in GMP 5.0.3

We have a buffer overrun in GMP 5.0.3; furthermore, the functions
affected are mpz_powm_sec and mpn_powm_sec, i.e. GMP's modexp
functions specifically recommended for cryptographic applications.

Extra safe turned extra unsafe with this release.

We will make a new release before the end of this week.

Only GMP 5.0.3 is affected; earlier GMP releases did not have this bug.

We apologise for the problems this creates.



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgmp10 depends on:
ii  libc6              2.13-26
ii  multiarch-support  2.13-26

libgmp10 recommends no packages.

libgmp10 suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: gmp
Source-Version: 2:5.0.4+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gmp, which is due to be installed in the Debian FTP archive:

gmp_5.0.4+dfsg-1.diff.gz
  to main/g/gmp/gmp_5.0.4+dfsg-1.diff.gz
gmp_5.0.4+dfsg-1.dsc
  to main/g/gmp/gmp_5.0.4+dfsg-1.dsc
gmp_5.0.4+dfsg.orig.tar.gz
  to main/g/gmp/gmp_5.0.4+dfsg.orig.tar.gz
lib32gmp-dev_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/lib32gmp-dev_5.0.4+dfsg-1_amd64.deb
lib32gmp10_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/lib32gmp10_5.0.4+dfsg-1_amd64.deb
lib32gmpxx4_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/lib32gmpxx4_5.0.4+dfsg-1_amd64.deb
libgmp-dev_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/libgmp-dev_5.0.4+dfsg-1_amd64.deb
libgmp10-doc_5.0.4+dfsg-1_all.deb
  to main/g/gmp/libgmp10-doc_5.0.4+dfsg-1_all.deb
libgmp10_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/libgmp10_5.0.4+dfsg-1_amd64.deb
libgmp3-dev_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/libgmp3-dev_5.0.4+dfsg-1_amd64.deb
libgmpxx4ldbl_5.0.4+dfsg-1_amd64.deb
  to main/g/gmp/libgmpxx4ldbl_5.0.4+dfsg-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 658...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve M. Robbins <s...@debian.org> (supplier of updated gmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 11 Feb 2012 11:41:31 -0600
Source: gmp
Binary: libgmp10 libgmpxx4ldbl libgmp-dev lib32gmp10 lib32gmpxx4 lib32gmp-dev lib64gmp10 lib64gmpxx4 lib64gmp-dev libgmp10-doc libgmp3-dev
Architecture: source all amd64
Version: 2:5.0.4+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Science Team <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Steve M. Robbins <s...@debian.org>
Description: 
 lib32gmp-dev - Multiprecision arithmetic library developers tools (32bit)
 lib32gmp10 - Multiprecision arithmetic library (32bit)
 lib32gmpxx4 - Multiprecision arithmetic library (C++ bindings, 32bit)
 lib64gmp-dev - Multiprecision arithmetic library developers tools (64bit)
 lib64gmp10 - Multiprecision arithmetic library (64bit library)
 lib64gmpxx4 - Multiprecision arithmetic library (C++ bindings, 64bit)
 libgmp-dev - Multiprecision arithmetic library developers tools
 libgmp10   - Multiprecision arithmetic library
 libgmp10-doc - Multiprecision arithmetic library example code
 libgmp3-dev - Multiprecision arithmetic library developers tools
 libgmpxx4ldbl - Multiprecision arithmetic library (C++ bindings)
Closes: 658821
Changes: 
 gmp (2:5.0.4+dfsg-1) unstable; urgency=low
 .
   * New upstream version.
     - Fix for buffer overruns.  Closes: #658821.
 .
   * rules: add build-arch, build-indep rules.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPNrRO0i2bPSHbMcURAkeCAJ9Hb64FnPtC/F88BS1eaXLd70U60QCeM21C
tCxT8IU7Y4E6VIck/utwe8k=
=zmjN
-----END PGP SIGNATURE-----



--- End Message ---
