Your message dated Mon, 11 Feb 2013 19:02:40 +0000 with message-id <e1u4yeg-0004iz...@franck.debian.org> and subject line Bug#699889: fixed in openssl 1.0.1e-1 has caused the Debian Bug report #699889, regarding several issues in Security Advisory 5 Feb 2013 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: openssl Severity: serious Tags: security Hi, Several issues were announced in the OpenSSL security advisory of 05 Feb 2013 (http://www.openssl.org/news/secadv_20130205.txt): SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) (does not affect stable) OCSP invalid key DoS issue (CVE-2013-0166) Can you see to it that these are addressed in unstable and testing, and also prepare an update to stable-security? Thanks, Thijs
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---Source: openssl Source-Version: 1.0.1e-1 We believe that the bug you reported is fixed in the latest version of openssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kurt Roeckx <k...@roeckx.be> (supplier of updated openssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 11 Feb 2013 19:39:44 +0100 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1e-1 Distribution: unstable Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.0-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl-doc - SSL development documentation documentation libssl1.0.0 - SSL shared libraries libssl1.0.0-dbg - Symbol tables for libssl and libcrypto openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Closes: 699889 Changes: openssl (1.0.1e-1) unstable; urgency=high . * New upstream version (Closes: #699889) - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166 - Drop renegiotate_tls.patch, applied upstream - Export new CRYPTO_memcmp symbol, update symbol file * Add ssltest_no_sslv2.patch so that "make test" works. Checksums-Sha1: 22e2c2c0a1a85956b734c89d648a76fbfed2f8bc 2200 openssl_1.0.1e-1.dsc 3f1b1223c9e8189bfe4e186d86449775bd903460 4459777 openssl_1.0.1e.orig.tar.gz e17c70318951e57e39edb14fea1388366e980a90 90244 openssl_1.0.1e-1.debian.tar.gz 9c12adcb2e48bc61c949ef5ac61994dc86a7bbf7 1199882 libssl-doc_1.0.1e-1_all.deb 3158d5d5f4d35eb4d8c73f94d00dbc4db7eac18a 698936 openssl_1.0.1e-1_amd64.deb e4c3322e64f4f2b5c30254d41eecd1a2c47d3154 1218866 libssl1.0.0_1.0.1e-1_amd64.deb e67b410520c84c3906805f4c37f1cd5aae3a6913 603588 libcrypto1.0.0-udeb_1.0.1e-1_amd64.udeb 1a8bf475a2572f8ec62f538c279882d493fcb0ec 1705006 libssl-dev_1.0.1e-1_amd64.deb 764f1b48720249122b172d6c2531aaa1584b2337 3015276 libssl1.0.0-dbg_1.0.1e-1_amd64.deb Checksums-Sha256: d4fdd58217ca555f34a9fed748d86a379eb9902824c5e5c9229ec65e45abb59a 2200 openssl_1.0.1e-1.dsc f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 4459777 openssl_1.0.1e.orig.tar.gz c7e3b4bb396a98328c5404e44415ec78e7bb032d726d6ed0e3234b5f45300186 90244 openssl_1.0.1e-1.debian.tar.gz 4d5a29dfccbd0058b1c9fe5fd2fc7758c85c38a33bab14048d318bb76a4b965d 1199882 libssl-doc_1.0.1e-1_all.deb 2c0698c04a92039e25032a7d2f7098135e555cfd82764e7b9f3f2f1ae084e724 698936 openssl_1.0.1e-1_amd64.deb 283421e4f8b9c4ea6a08a3ab4cf44b934ce974b914f84dc9426e43eef0432584 1218866 libssl1.0.0_1.0.1e-1_amd64.deb d62d35cb15b287fcf4dc31d99fa3810c8d5919320dbf19321b14482554264d4d 603588 libcrypto1.0.0-udeb_1.0.1e-1_amd64.udeb 745a2c50c3b4684ecc698e87ac192ebcbcca059be9825fc1b67909855d3bf264 1705006 libssl-dev_1.0.1e-1_amd64.deb dddd577057c922ed67c62aeab7098e9cb52eb973607b01f5cd336f4f5463b8fb 3015276 libssl1.0.0-dbg_1.0.1e-1_amd64.deb Files: d0052cfd83910cf681760936b99c7285 2200 utils optional openssl_1.0.1e-1.dsc 66bf6f10f060d561929de96f9dfe5b8c 4459777 utils optional openssl_1.0.1e.orig.tar.gz 4d58a6f4013f732c7fa610865c4c6d9b 90244 utils optional openssl_1.0.1e-1.debian.tar.gz 5af67dcdf92f72d2f065ee1c7719f25e 1199882 doc optional libssl-doc_1.0.1e-1_all.deb bd63f54fbb483e05f1ef601aea25c86b 698936 utils optional openssl_1.0.1e-1_amd64.deb 39b388c28169928dea56a54a300f779a 1218866 libs important libssl1.0.0_1.0.1e-1_amd64.deb 914c286bd97a215056ee344b1346a594 603588 debian-installer optional libcrypto1.0.0-udeb_1.0.1e-1_amd64.udeb 04cf5b8095500306014bb76a6b307bdd 1705006 libdevel optional libssl-dev_1.0.1e-1_amd64.deb b8efa3b264f086a3ba758a2ffc13d08b 3015276 debug extra libssl1.0.0-dbg_1.0.1e-1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRGT9YAAoJEKGfLDAaVSLdQecP/1Ns65as18xQh3sTkQ2AOaPv TV82LWnUQkSvfS8RSvjaMx5m2zHHkzkpBOvT4ZnvOuS5cOs38uTZqh+CxeoafbVt +zoQ0dp6WQ1uTCLV5qkiJGWEhyXdboVb4BwFy8Gx6LSQvVaCxw8xZgSvId7M1MRX I7jpDqnLRJoxADgX8WCiS4AAoSRX1x/o+R6SgnwCZJcZ0cYhzQb6yi34/Yx1F3Yr 2VYe78rMXypW0e3tIOwzyH+AuFP6IuBc+qOi4pe1ykPHgGK9eesAzcWqTFUkL7Kb hmWEUiFSsNG1WfPK2LWpoATnREigsDK0QU7FehXzRX3L/rLaqQ1GxN30yHbNLON8 NKuetpykVlyOGwHemey+GdYY9Vbx478N/0Uf8qM8iuwvVTYys44PSAmxQT7lA2oo iB1x26SSyMWSjged1Z6c4Lb/iJgHQHBo7Fbk6hcispscXv1k2O2E6HhR1sFBzR+m j9xKFPNIh+ttGWCEIHHrc0NJgSNybsfjGQeigqhS1OKsBCfZHznbPuHe5mM8qTVk A/GqsnQacPnSJo/kUcFrm+qTXg1FooWld/XzhKfKwDbQhCDQbrLT1th0jZ7pS2AU qsbXbxvnbMUxn5s/U9/9SmrnrfZCkU83zu7Uc2GRIna5/52FmXtVPUvwqWgPsi+r 7o7Rh0UOW7uaL2qcAjw8 =iatw -----END PGP SIGNATURE-----
--- End Message ---
