Your message dated Thu, 22 Jun 2017 15:36:37 +0000 with message-id <e1do49t-000b3v...@fasolo.debian.org> and subject line Bug#865480: fixed in openvpn 2.4.3-1 has caused the Debian Bug report #865480, regarding openvpn: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865480 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openvpn Version: 2.3.4-1 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for openvpn. CVE-2017-7508[0]: Remotely-triggerable ASSERT() on malformed IPv6 packet CVE-2017-7520[1]: Pre-authentication remote crash/information disclosure for clients CVE-2017-7521[2]: Potential double-free in --x509-alt-username and memory leaks If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7508 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508 [1] https://security-tracker.debian.org/tracker/CVE-2017-7520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520 [2] https://security-tracker.debian.org/tracker/CVE-2017-7521 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521 [3] https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 [4] http://www.openwall.com/lists/oss-security/2017/06/21/6 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: openvpn Source-Version: 2.4.3-1 We believe that the bug you reported is fixed in the latest version of openvpn, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated openvpn package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 22 Jun 2017 13:25:45 +0200 Source: openvpn Binary: openvpn Architecture: source amd64 Version: 2.4.3-1 Distribution: unstable Urgency: high Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org> Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org> Description: openvpn - virtual private network daemon Closes: 865480 Changes: openvpn (2.4.3-1) unstable; urgency=high . * The "Bye bye OpenVPN" release. * New upstream release fixing: (Closes: #865480) - CVE-2017-7508 - CVE-2017-7520 - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules Checksums-Sha1: 94bc60566128088509db0f3876d280f6f671044e 2092 openvpn_2.4.3-1.dsc 0630f30858ff2199739246f1295871226e0a7705 1422692 openvpn_2.4.3.orig.tar.gz 79f0272cfaecb55fe67ebb0ac8310225ac7fcb5a 50844 openvpn_2.4.3-1.debian.tar.xz 3f3c33e8ec275c5c80209a0686823994780938d7 1383686 openvpn-dbgsym_2.4.3-1_amd64.deb e618b26ade0861126f94d83bf727756314871f7f 6512 openvpn_2.4.3-1_amd64.buildinfo 4db07ad705ea161d7276e91e0c5f6ebf6faab93a 479474 openvpn_2.4.3-1_amd64.deb Checksums-Sha256: f75c6d745f7f8ae68235f46412682ea70b85a77b60c1a02891b677b58aa37b66 2092 openvpn_2.4.3-1.dsc cee3d3ca462960a50a67c0ebd186e01b6d13db70275205663695152c9aca8579 1422692 openvpn_2.4.3.orig.tar.gz 77afdee0a26293b6ba0dbe605b0b871f1cabe3be0f5c63fa02548981a339e5eb 50844 openvpn_2.4.3-1.debian.tar.xz 760e90e1a8706c94f7fde4bcdefff9fe48fe8f4eea8466ec9ae07fd0176a0b09 1383686 openvpn-dbgsym_2.4.3-1_amd64.deb d07afb7265715095b7e590bfab6abfef976e886c1f0d7f345baf86309b13cabe 6512 openvpn_2.4.3-1_amd64.buildinfo 0c3af2fa3ccfc074d7156a469addb9482241d50a9adc7d8f2d19fa8f1bf97d42 479474 openvpn_2.4.3-1_amd64.deb Files: e7943312a026353c5eeb4d3ac9be4022 2092 net optional openvpn_2.4.3-1.dsc e1929f82aff40f3d105e5f72aacff9c1 1422692 net optional openvpn_2.4.3.orig.tar.gz e8b787b5d26dcd64294e5da7bbae164a 50844 net optional openvpn_2.4.3-1.debian.tar.xz 7bf9bba0ae5ea56d1d902849bada108e 1383686 debug extra openvpn-dbgsym_2.4.3-1_amd64.deb 12842db39e1a4c767c8f24d5ff4702ae 6512 net optional openvpn_2.4.3-1_amd64.buildinfo 2b1ba9c13713f2056c82b09a5c167ab2 479474 net optional openvpn_2.4.3-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEU0fL2D4wqetNfUvyAJszdWuaqlUFAllL3GcQHGFnaUBpbml0 dGFiLm9yZwAKCRAAmzN1a5qqVX24D/44hKxvHtdAQ4O1gJ1UX+gIQIrWHTKuAQIM J8yxSFuKPFImg+nBgjYa3Sx/GM90DKcQ7T0sxMa/B2Wdt/LSVTyYYSnq5VybFMy+ HIA7UZP15Xj0ylDYqTnN01pDxyX26B+QZ0Z8NPHBjgs6jKIMDJ7lFzU1ZkwKVMBH Btn71vSeFr+gasdO2DnSJrjpi6/BtIzOA3+y/3cH3mMaKaTEpkrifhJWmRXnlQtH 2tKb4bTsaCU9dKu5a3SZvIpgA7wzUqNU/xyj5XrB7vXK81BQlhKdBYsjIvZctQdR R8PLCu0YygktD2I9y0Ip2ULlaonm4b5njOjZNGw0TTCsq2cLSkM7NWfni4HmHQ6/ iX/JGmxr3vOGYEqeo0TLkDnoPGumVulyAwzxNfvYcG7HYWf53RoIOE6BenCVMIWU sbZRQ3hxmSSQhT4Q0QFbNZvlKMiluwsOXnj3kd+6cxaBsRXnXudPUHu1PeKvfVE+ fbqxKhCEKmOkTkf+KIOw0O413GhT4UE4ygW5VPhNXBLYuHjsTFWrr50PhCvbx6Rq XzZssbNCbuedVslTtkchHcRlZbhUycjwQjgiqCFHDHaYjv3oU6kYGzNFrGPRNlAp lK6cdnX6E0Cy5cVXQS6XiUp2OusNAXHJK30szLySfMi/i/5H2KcV7m7Wz1X01se8 n0bGzzH2Cw== =/R0+ -----END PGP SIGNATURE-----
--- End Message ---
