Your message dated Sun, 06 Jan 2013 23:17:05 +0000 with message-id <e1trzsj-0006yp...@franck.debian.org> and subject line Bug#697108: fixed in gnupg 1.4.10-4+squeeze1 has caused the Debian Bug report #697108, regarding gnupg key import memory corruption to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697108 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gnupg Version: 1.4.12-6 Severity: grave Tags: security Please see http://seclists.org/bugtraq/2012/Dec/151 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: gnupg Source-Version: 1.4.10-4+squeeze1 We believe that the bug you reported is fixed in the latest version of gnupg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 697...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 02 Jan 2013 20:43:39 +0100 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb Architecture: source amd64 Version: 1.4.10-4+squeeze1 Distribution: stable-security Urgency: high Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) Closes: 697108 Changes: gnupg (1.4.10-4+squeeze1) stable-security; urgency=high . * Apply upstream patch to fix memory and key database corruption when importing with invalid keys (CVE-2012-6085, closes: #697108). Checksums-Sha1: 71f37ec4c4d86055f13bd73140fe0fb9bec220b3 1737 gnupg_1.4.10-4+squeeze1.dsc 0db579b2dc202213424f55243906b71228dd18d1 4747259 gnupg_1.4.10.orig.tar.gz f33b218e4a82dc4a471180ca082490483e3cffd2 30669 gnupg_1.4.10-4+squeeze1.diff.gz cb7796c3c680ce8f09d188d7b633ef3a0ba74103 2147792 gnupg_1.4.10-4+squeeze1_amd64.deb cf90721469541e80b8ab5f473ef79d9a07d2b052 74720 gnupg-curl_1.4.10-4+squeeze1_amd64.deb 5ce4a346e269ddfc6f3f8ed2c6a908170087b4f9 221658 gpgv_1.4.10-4+squeeze1_amd64.deb b50aadde91e6e878f852486d9f01036fd0ad2944 413368 gnupg-udeb_1.4.10-4+squeeze1_amd64.udeb d3dd6c36a8bcd3c33e6befd673452ea939e58e9c 149522 gpgv-udeb_1.4.10-4+squeeze1_amd64.udeb Checksums-Sha256: 388e774c907386a8bedf17fab7c229bc5c9ba3e7435c8779e0d968aa4a852c4f 1737 gnupg_1.4.10-4+squeeze1.dsc 055e92b6735fb82a6c9f7d506cdd01ae7a733a1f3793d3694083e1f283f5e914 4747259 gnupg_1.4.10.orig.tar.gz 18ffc6bbf313d91beb16c05ddc0e249e91ddf1b80aa31645843e6473e4e9b406 30669 gnupg_1.4.10-4+squeeze1.diff.gz 23095d1a7f0d5f5ae8399e58d207dafda631270c7150180dc2f359c91a6490cd 2147792 gnupg_1.4.10-4+squeeze1_amd64.deb 29164e139b1ffb8a04e16184930e8166bd061d26e4a599d9863da8ae27d2687b 74720 gnupg-curl_1.4.10-4+squeeze1_amd64.deb c945456419879de35ead318a4daf0371fa6e4a31e93c4abc88f376e65be3f4f9 221658 gpgv_1.4.10-4+squeeze1_amd64.deb 4d49fb067b26a5fd54a475fa22de8743f264547de49c0c3255daa190ecf65282 413368 gnupg-udeb_1.4.10-4+squeeze1_amd64.udeb 7757fd546e4a685617f67f22ab1b0f50ae379b895dc159ec029bbeac07fda309 149522 gpgv-udeb_1.4.10-4+squeeze1_amd64.udeb Files: 7089bee710f73197e32012cc21136a0d 1737 utils important gnupg_1.4.10-4+squeeze1.dsc 991faf66d3352ac1452acc393c430b23 4747259 utils important gnupg_1.4.10.orig.tar.gz cbebdca9254fdca6b7c65c2248179ac0 30669 utils important gnupg_1.4.10-4+squeeze1.diff.gz 592f297378628f0e586aa5d937b3c239 2147792 utils important gnupg_1.4.10-4+squeeze1_amd64.deb efc342f97fd9874f6af2a22ebf4286d5 74720 utils optional gnupg-curl_1.4.10-4+squeeze1_amd64.deb add5d9bbb97282efd5b3219ace0b63cb 221658 utils important gpgv_1.4.10-4+squeeze1_amd64.deb 887984cbabece6c5ab18d23c36171781 413368 debian-installer extra gnupg-udeb_1.4.10-4+squeeze1_amd64.udeb af2a49c65c884fc6a60de6f7e26e0945 149522 debian-installer extra gpgv-udeb_1.4.10-4+squeeze1_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJQ5JWaAAoJEFb2GnlAHawECsEH+wVDPJ09mWGjrLrWB52+AQyZ TUWtTbqrPbOh7wIeqJckCTZQ14UHEAFphLyXV2jJtO/sb4lMtvUExIqt3BtVS7vh mVRguof0kvhk8cvoOh6/mRC5rpWkKoaMHfwx19jXbFBgNTLcUDYUJ9VQx7PI1Jes Sug4wqqrar/uD3oR1UHYdhaNb/mgcws9lvOzlEy4wn/IXQEd7CLi8b7I1cujh6qe QO4bgnFetJuZUQW8MB4L6O0A+D2tJxmiyrEMAfIEk1OPijR4GtMdz0eZTt5LHfBQ e5sFo1XPECbkErnLgNtF65xYNVuLKcQ+g9afKt8gsh7xALv4Iwm+QYixtSnFLVw= =6OfQ -----END PGP SIGNATURE-----
--- End Message ---
