Your message dated Mon, 22 Apr 2013 21:16:42 +0000 with message-id <e1uuo6m-0004qq...@franck.debian.org> and subject line Bug#702267: fixed in stunnel4 3:4.53-1.1 has caused the Debian Bug report #702267, regarding stunnel: CVE-2013-1762 buffer overflow in NTLM authentication of the CONNECT protocol negotiation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 702267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702267 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: stunnel Severity: grave Tags: security Hi, the following vulnerability was published for stunnel. Please see https://www.stunnel.org/CVE-2013-1762.html for details. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762 http://security-tracker.debian.org/tracker/CVE-2013-1762 Please adjust the affected versions in the BTS as needed. -- Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0AAAA
pgpGe2BWKjtsV.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: stunnel4 Source-Version: 3:4.53-1.1 We believe that the bug you reported is fixed in the latest version of stunnel4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 702...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated stunnel4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 22 Apr 2013 19:47:34 +0200 Source: stunnel4 Binary: stunnel4 Architecture: source amd64 Version: 3:4.53-1.1 Distribution: unstable Urgency: high Maintainer: Luis Rodrigo Gallardo Cruz <rodr...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: stunnel4 - Universal SSL tunnel for network daemons Closes: 702267 Changes: stunnel4 (3:4.53-1.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2013-1762.patch patch. CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT protocol negotiation. (Closes: #702267) Checksums-Sha1: 4b9c83a9fcfb9f852df7fef11fa11d099f0a454a 1911 stunnel4_4.53-1.1.dsc aa808f8b37dd7602555111a7334f7daf2066a90b 32834 stunnel4_4.53-1.1.debian.tar.gz 5aeaa7aed02ff1038a6892b6f2c7aa9fe5769a71 178460 stunnel4_4.53-1.1_amd64.deb Checksums-Sha256: 9c6d4a47a42eb8ae24a51b04f24c14d0ffe36b824bda0e8cf2771dc9500b118c 1911 stunnel4_4.53-1.1.dsc c00f52dfeaef48e41f7065e99575cfe7ac8be5ea21ab7dab0e0c464a08a753da 32834 stunnel4_4.53-1.1.debian.tar.gz 7d2c5751f994e6f7f99585aee3da42af80ae0058e1eac5413f6704bd0d814e41 178460 stunnel4_4.53-1.1_amd64.deb Files: b3ee7b47c0f1f41a70935ac2ffa53391 1911 net optional stunnel4_4.53-1.1.dsc dba1136ca101247a08e009a2fe63476b 32834 net optional stunnel4_4.53-1.1.debian.tar.gz 8bf9a88ac93838a9eef40831c9d77a37 178460 net optional stunnel4_4.53-1.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRdZOxAAoJEHidbwV/2GP+VAcP/0aSHSwWDy70vuJjW9WpDVi7 ZGCJ3kRao76lXehwJpkpBAINH5j1z/MsMLT0pmhVIpzufvUka78kPYAabu/C8unC OMznX+p/EKoPBvYD709uyhb9GM9I5TrSjCF8EeYsFkNz6eZrLp4xCyfH2lj9lFLz uYn+SEfdRh5GSPnzMV3MMZXUI7rGPhIZeIjviZDYSkFd8mltWYwcLf7kJih4shoV Jxq4VSwUypFh3+T1Y7nvAV9wdD9oWjy7S1dZGs/zEyOrGksVbt4sFMK2WP1B9DiP kGAruMZFaaaK31rHd6yVFzFioGjdAje4fwTcz457pMJwm6SUrRZdSkSl7o2rEDNP 6HHuXXkzSecZoYdLaeNhJhF48Pgo1gdyBoB1Q5ccWeyuNezK4kt1OlHMtoVoZ4Lz P7V+duWJh0TBRy/d86y6HYCLW3w7+SSL76WFo92sRiXpmwPhy8/z7T7eLGdrmD9i Xl4LW4Rqbzj/ebUjlSW2/sLmHUgPLW+nW46J0RdZZNlyGf7z91xMJJrw5A3Chc5V kzg4Vdmhf3nxnz4OJs9Vnfotx48NGbPSubWKwo7GC1cC7WDrCu1TK7r8z+qeYuGY 7fibrNqk2m+EmX5qPoUrY6h+GVFwhx8zYFs6nEFY0AemgviKyCkiQF12Rn3WpyQt zCrN69uGYV7IL8QP9bh4 =Le4K -----END PGP SIGNATURE-----
--- End Message ---
