Your message dated Wed, 10 Dec 2014 07:05:41 +0000 with message-id <e1xyblb-0003ca...@franck.debian.org> and subject line Bug#772632: fixed in resiprocate 1:1.9.7-4 has caused the Debian Bug report #772632, regarding OpenSSL security/interop recommendations to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772632: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772632 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: repro Version: 1.9.7-1 Severity: serious After discussion on debian-security, two specific issues have been identified[1] that have an impact on security support and interoperability with TLS: a) avoiding the TLSv1_method in the OpenSSL API and just using SSLv23_method b) not trying to use TLS 1.2 when acting as a client as there are sometimes problems with the way some servers respond[2] Point (a) was fixed more comprehensively in the upstream 1.9.8 release but can be fixed with a more concise and targetted patch for jessie. Point (b) was not addressed upstream yet but is also trivial to address in a manner that is suitable for the freeze process. 1. https://lists.debian.org/debian-security/2014/12/msg00032.html 2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051#28
--- End Message ---
--- Begin Message ---Source: resiprocate Source-Version: 1:1.9.7-4 We believe that the bug you reported is fixed in the latest version of resiprocate, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Pocock <dan...@pocock.pro> (supplier of updated resiprocate package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 09 Dec 2014 11:34:48 +0100 Source: resiprocate Binary: libresiprocate-1.9 libresiprocate-1.9-dev librecon-1.9 librecon-1.9-dev libresiprocate-turn-client-1.9 libresiprocate-turn-client-1.9-dev repro resiprocate-turn-server sipdialer Architecture: source amd64 Version: 1:1.9.7-4 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Daniel Pocock <dan...@pocock.pro> Description: librecon-1.9 - reSIProcate conversation manager - shared libraries librecon-1.9-dev - reSIProcate conversation manager - development files libresiprocate-1.9 - reSIProcate SIP stack - shared libraries libresiprocate-1.9-dev - reSIProcate SIP stack - development files libresiprocate-turn-client-1.9 - reSIProcate TURN client (reTurn) - shared libraries libresiprocate-turn-client-1.9-dev - reSIProcate TURN client (reTurn) - development files repro - reSIProcate SIP stack - lightweight SIP proxy daemon resiprocate-turn-server - reSIProcate SIP stack - ICE/TURN server sipdialer - reSIProcate SIP stack - click-to-call utility Closes: 772632 Changes: resiprocate (1:1.9.7-4) unstable; urgency=medium . * Use SSLv23_method instead of TLSv1_method and avoid TLS 1.2 when acting as client. (Closes: #772632) Checksums-Sha1: 8cb990203a5ea140fb63e27b128fe7b8eea22c62 2863 resiprocate_1.9.7-4.dsc 036d68407f6b64fc8a9a39767c0a9c3d482a482b 28340 resiprocate_1.9.7-4.debian.tar.xz 088cb57d8e613e1d5c8fe2d3a3ce3622de4adb45 1214418 libresiprocate-1.9_1.9.7-4_amd64.deb 7a3f09a6916a456b655c9e3fea9b210e12680cf8 272866 libresiprocate-1.9-dev_1.9.7-4_amd64.deb a2e55cac89a60d1501d4aa154f79d43436b99277 303262 librecon-1.9_1.9.7-4_amd64.deb 5e0616671b071116ebb902a99c5564c797419b1e 58920 librecon-1.9-dev_1.9.7-4_amd64.deb 7a1659dd1c0aad078594f63f8233332779d13640 209572 libresiprocate-turn-client-1.9_1.9.7-4_amd64.deb 593c035818ce38f4d534174ea2aea2ca95bf11b5 34084 libresiprocate-turn-client-1.9-dev_1.9.7-4_amd64.deb f8d62a9fd31be5ad1d1e61f19e698965d37976e5 478648 repro_1.9.7-4_amd64.deb f6f7f28a84678f3a60adaed91ba2b24a69671409 207268 resiprocate-turn-server_1.9.7-4_amd64.deb c75db689dd5476d2aaaae9ba474d4561325be2a0 25154 sipdialer_1.9.7-4_amd64.deb Checksums-Sha256: 36268e61c010c324478d928addbdcf4694c44d6683b1f7a88bcb267d329410d0 2863 resiprocate_1.9.7-4.dsc 1e189e80b0d352ff2dcc34ac52facb317ad907943509cb8552097f87135573df 28340 resiprocate_1.9.7-4.debian.tar.xz 19d69eb05ebde1bb322f1851a3a940e644e6cdea5016592707e447748b06bbdc 1214418 libresiprocate-1.9_1.9.7-4_amd64.deb 46d6a7c2e48172b6f29cc6fbe9702f6df7ebc3195113d229e017d5172b0a9b79 272866 libresiprocate-1.9-dev_1.9.7-4_amd64.deb 1a9b3fb75d3660336777ca05b68955fc7f522adf94b13c881a7c5a6dd1ad1ec6 303262 librecon-1.9_1.9.7-4_amd64.deb 1b9af8592efd54c74e12420a6dd96b09e57e73f187148a694b34883643577175 58920 librecon-1.9-dev_1.9.7-4_amd64.deb a2e0576cb69ffe07e84c45b75d37b6ffdb1f6bd40ee4aecfbedd299d085251ac 209572 libresiprocate-turn-client-1.9_1.9.7-4_amd64.deb cb0183fcb6277da6e167074cdfab89d7d37828e2234091d7d066c7f82216b688 34084 libresiprocate-turn-client-1.9-dev_1.9.7-4_amd64.deb 3aa4da1bee96849edcb2e71d985083e8d08513aee86061a99b2773383778949d 478648 repro_1.9.7-4_amd64.deb 0fa1e1a82345139434d58b1d678089dcfa20f81528c66425b6b8bd475f52bb4c 207268 resiprocate-turn-server_1.9.7-4_amd64.deb 4fbd1494f8ece0b2ec1fa124e47f41601fc55806f1d46285d444bc8ca434b4b6 25154 sipdialer_1.9.7-4_amd64.deb Files: a140c126a66b2cd7dedd68122d37aaa6 2863 libs extra resiprocate_1.9.7-4.dsc 7114f37a8d6052f84bea9cd335788eaa 28340 libs extra resiprocate_1.9.7-4.debian.tar.xz 50b6783735c58b7432b55de1b0252459 1214418 libs extra libresiprocate-1.9_1.9.7-4_amd64.deb 4a3da75c18151dfb32746a2c7d30df4c 272866 libdevel extra libresiprocate-1.9-dev_1.9.7-4_amd64.deb 5ae6e2047be20caf6491f3e233d39d97 303262 libs extra librecon-1.9_1.9.7-4_amd64.deb c286ddf416df4d50999b20c34238e19e 58920 libdevel extra librecon-1.9-dev_1.9.7-4_amd64.deb 7dde6b2b4874bb8a174fd632658a1e51 209572 libs extra libresiprocate-turn-client-1.9_1.9.7-4_amd64.deb 0ffe740a355d05cb57affed36519b889 34084 libdevel extra libresiprocate-turn-client-1.9-dev_1.9.7-4_amd64.deb f7ad1f8a074c838486332ca7efeee198 478648 net extra repro_1.9.7-4_amd64.deb 50ec72e99cadb0e1f33ba64c7e360b07 207268 net extra resiprocate-turn-server_1.9.7-4_amd64.deb 27d45a02856f12c8d656e8de2416383d 25154 net extra sipdialer_1.9.7-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJUh+upAAoJEGxlgOd711bEdykP/0TohzvYlTxuWtrvoUuvfaKA MItQ6DQAhISpB/4XlmmoT2orjP9l7nhvQM+PpFu1JPpWN95BpGJOBvBCy6sTnNwW J4IUmDkxJT/rivil8VgbAPRXXquPTUWCn4UvGFbQDMaqjE2yjY0q+GpetJJdEQlT Sxis+wEjb7LzS87uo1ejabEFt5lBP+JT6npz3xZqT048RjdDGL0KCUwHZpQyoO/q +7dNluMJLLdHM4sUJgWlaQxpkmTCRer9kd61QQ1IplVtz2eiDPMofNbSqBIym4t8 67/MB8Hf2gvrbbzbUklFiTZSVlAhhynjahKVWG3dPq03AvBRfrKRXSXfz0mQiftc ehNrXfc8Yl9pS0NSC0VPLcqSrarhdkrN83Egq94XxZA5L5d6QEE0vOShQYYZSCmB B0lguIvBpcWPRVXxQz5lX0aEV/nZ3PLrdinUzkODAiwFHlf5Kl7zuHUM6elrcqZX JRYi4Z4f5rYvUkhwPJSpqRC03arTLfJ2bivjDU3hOMYA+0dKUqZF3/+aYpIrb/0g S4guEp3n5nfT2uMosxwc7e51dVWVilIWd+6YxpDu5070nmaiP9DJ4TV3fynj+Bo/ nn8nvSEKMrgYDicZc+/gJmkejzZNCOsMgu5mG+BPgJ1/TATAntPiAl1cILOHXgJE 4aXsWonpVbTgcC1LvC73 =j9RI -----END PGP SIGNATURE-----
--- End Message ---
