Your message dated Fri, 03 May 2013 06:02:04 +0000 with message-id <e1uy94g-0000gs...@franck.debian.org> and subject line Bug#702267: fixed in stunnel4 3:4.29-1+squeeze1 has caused the Debian Bug report #702267, regarding stunnel: CVE-2013-1762 buffer overflow in NTLM authentication of the CONNECT protocol negotiation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 702267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702267 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: stunnel Severity: grave Tags: security Hi, the following vulnerability was published for stunnel. Please see https://www.stunnel.org/CVE-2013-1762.html for details. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762 http://security-tracker.debian.org/tracker/CVE-2013-1762 Please adjust the affected versions in the BTS as needed. -- Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0AAAA
pgpQNRv3AuM76.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: stunnel4 Source-Version: 3:4.29-1+squeeze1 We believe that the bug you reported is fixed in the latest version of stunnel4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 702...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated stunnel4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Apr 2013 17:00:30 +0200 Source: stunnel4 Binary: stunnel4 stunnel Architecture: source all amd64 Version: 3:4.29-1+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: Luis Rodrigo Gallardo Cruz <rodr...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: stunnel - dummy upgrade package stunnel4 - Universal SSL tunnel for network daemons Closes: 702267 Changes: stunnel4 (3:4.29-1+squeeze1) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-1762.patch patch. CVE-2013-1762: Fix buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation. (Closes: #702267) Checksums-Sha1: 0744d0f395850c69fc789e996ae5b9c0ac206b88 1882 stunnel4_4.29-1+squeeze1.dsc f93ac9054c62b1db0dcf44f668d323d82cc0f413 544292 stunnel4_4.29.orig.tar.gz f818c63d964796744ca1c9d90ab08d056c17b0ae 28688 stunnel4_4.29-1+squeeze1.diff.gz 7eef6cdbd9f490725fd0773ad4b02767a144e57b 24258 stunnel_4.29-1+squeeze1_all.deb 080c60927ddfc555b76c4725971afc5afc38d709 152420 stunnel4_4.29-1+squeeze1_amd64.deb Checksums-Sha256: f7736582f45f2a842a2e200d28a415b40688f92f605ff6252ae591dd9cdac152 1882 stunnel4_4.29-1+squeeze1.dsc 018064e852a2a125bcfb4b81baa77b5701ccf6aabe6a47564bfc046b18d11f9b 544292 stunnel4_4.29.orig.tar.gz 84810e651c24aa624ca7f1c53b468db3aeb3a129ad651be90b1ec4951a66fc09 28688 stunnel4_4.29-1+squeeze1.diff.gz 149c4debca0447c2a8ab641d541d0762997069b18fd7fdf0208499b30f2b4a9e 24258 stunnel_4.29-1+squeeze1_all.deb 4ee5224257e53c91f5427491923a6197215782b19ac7722a746518fbaf504f57 152420 stunnel4_4.29-1+squeeze1_amd64.deb Files: c2ebd448af547e99dd3fafb572a13a19 1882 net optional stunnel4_4.29-1+squeeze1.dsc 14dc3f8412947f0548975cbce74d6863 544292 net optional stunnel4_4.29.orig.tar.gz 4ab12e6da1b2087381ac86c51db54a48 28688 net optional stunnel4_4.29-1+squeeze1.diff.gz 1ee80939f09a516a4e01e87d3dcdf643 24258 net extra stunnel_4.29-1+squeeze1_all.deb 1d45df973acbfbc993b3942fdd7a5dbc 152420 net optional stunnel4_4.29-1+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRe+mGAAoJEHidbwV/2GP+2DkP/jvebEH8Dlr+lao7a/8gjKlO uCsmxvG+A0jxr0h/D1l6s8SegTd/JjUhg2U2gcRua92/QPzVwsdDltRjBPDv7twL fhyDPiVvhzg8CIGolwRS+gFkclhSEP8CQo1MxCL9dMPPyu5myVkcBszJpCSwdBy1 htmdNxVcq9JB6b7aeCwj6NfHPY0B/L+iXUamOOdrouIvoexp0mX26qE+F2mlLbTx kyI4X4gq4RZtHCVZwabakm/cW7x+NahNS3NgnMrsvByjWChDVJQmUZJS0cVqOCTb ZuXLRwP3zhZV43phtPb4gmA8tBq3OtVRNWYnJvqappH4YGnqxQe7ja6hq9q9Gne2 sACzJuM2uEDAwAa+AqsrynaoFS3Yf63UF8jCe+SUp+F0H/f/xTeuFyQ6HAjIycPA oSqZpv/EBVa7ibbYHZz+HVGHf9tJejohhAUBHelFFF5bfXp8aDxTnfbC+cjQTdyo uVOI3QgpXc2BENJ+Jofg9YZauUSHE9eegWa08CH45xyWDdXe10FnOUAkGKwHyTJ5 cUzWF1NgY2VP0OcOfd/fBQpFq5LBSJf1aIj7/oKhE1kdZfhFR1WjHcD3oAwET96d GVBt+avVMvKGIn3AkQr/bWud6S73P+lKbopunr9MfDoHwkr5t+Bkhdtaqc5+cccv 782USdepQd3ps2BtfIxC =hX00 -----END PGP SIGNATURE-----
--- End Message ---
