Your message dated Mon, 06 Jan 2014 22:47:45 +0000
with message-id <e1w0ixv-0002by...@franck.debian.org>
and subject line Bug#732754: fixed in openssl 1.0.1e-2+deb7u1
has caused the Debian Bug report #732754,
regarding openssl: CVE-2013-6449: crash when using TLS 1.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
732754: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732754
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1e-2
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for openssl.
CVE-2013-6449[0]:
crash when using TLS 1.2
It was reported in Apache Traffic Server[1] and upstream at [2], see
also [3]. I was not able to reproduce any crash myself, just checking
against the openssl source package to verify upstream patches apply.
See [4] and [5] for the patches applied.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://security-tracker.debian.org/tracker/CVE-2013-6449
[1] https://issues.apache.org/jira/browse/TS-2355
[2] http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1045363
[4] http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
[5] http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.0.1e-2+deb7u1
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 732...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <k...@roeckx.be> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 23 Dec 2013 17:47:19 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1e-2+deb7u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl-doc - SSL development documentation documentation
libssl1.0.0 - SSL shared libraries
libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 732710 732754
Changes:
openssl (1.0.1e-2+deb7u1) stable-security; urgency=medium
.
* Fix CVE-2013-6449 (Closes: #732754)
* Fix CVE-2013-6450
* disable rdrand by default. It was used as only source of entropy when
available. (Closes: #732710)
* Disable Dual EC DRBG.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---