Your message dated Wed, 10 Feb 2016 22:17:07 +0000
with message-id <e1atd4n-0000kc...@franck.debian.org>
and subject line Bug#801413: fixed in polarssl 1.3.9-2.1+deb8u1
has caused the Debian Bug report #801413,
regarding polarssl: CVE-2015-5291: Remote attack on clients using session
tickets or SNI
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
801413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801413
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: polarssl
Version: 1.2.8-2
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for polarssl.
CVE-2015-5291[0]:
Remote attack on clients using session tickets or SNI
It has been fixed in PolarSSL 1.2.17 branch, then the rebranded mbed
TLS 1.3.14 (and mbed TLS 2.1.2).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5291
[1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: polarssl
Source-Version: 1.3.9-2.1+deb8u1
We believe that the bug you reported is fixed in the latest version of
polarssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 801...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated polarssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Feb 2016 13:41:23 +0100
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7
Architecture: source
Version: 1.3.9-2.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Roland Stigge <sti...@antcom.de>
Changed-By: Guido Günther <a...@sigxcpu.org>
Closes: 801413
Description:
 libpolarssl7 - lightweight crypto and SSL/TLS library
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
Changes:
 polarssl (1.3.9-2.1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Backport patches for CVE-2015-5291 and CVE-2015-8036
     (Closes: #801413)
   * Add simple smoke test
--- End Message ---