Your message dated Sun, 27 Aug 2017 10:55:58 +0000 with message-id <e1dlveu-0002l4...@fasolo.debian.org> and subject line Bug#873383: fixed in libgcrypt20 1.7.9-1 has caused the Debian Bug report #873383, regarding libgcrypt20: CVE-2017-0379: side-channel attack on Curve25519 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873383: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873383 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libgcrypt20 Version: 1.7.1-1 Severity: grave Tags: upstream patch security fixed-upstream Hi, the following vulnerability was published for libgcrypt20. CVE-2017-0379[0]: side-channel attack on Curve25519 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-0379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379 [1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libgcrypt20 Source-Version: 1.7.9-1 We believe that the bug you reported is fixed in the latest version of libgcrypt20, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated libgcrypt20 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 27 Aug 2017 11:56:17 +0200 Source: libgcrypt20 Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev libgcrypt-mingw-w64-dev Architecture: source Version: 1.7.9-1 Distribution: unstable Urgency: high Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 873383 Description: libgcrypt11-dev - transitional libgcrypt11-dev package libgcrypt20-dev - LGPL Crypto library - development files libgcrypt20-doc - LGPL Crypto library - documentation libgcrypt20 - LGPL Crypto library - runtime library libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb) libgcrypt-mingw-w64-dev - LGPL Crypto library - Windows development Changes: libgcrypt20 (1.7.9-1) unstable; urgency=high . * New upstream version, mitigates a local side-channel attack on Curve25519 dubbed "May the Fourth be With You". [CVE-2017-0379] Closes: #873383 + Drop 30_mpi-Fix-mpi_set_secure.patch Checksums-Sha1: a9fb596aa341d031f137ceeb3a6f31e2b582bc4d 2914 libgcrypt20_1.7.9-1.dsc 04126cdca54074d8768dea4287493a5b338a9a98 2897137 libgcrypt20_1.7.9.orig.tar.bz2 ec6cd788d04aec601a953b26eb8321aa2d144253 310 libgcrypt20_1.7.9.orig.tar.bz2.asc 2f26728ba8895647696ac87ad4102c6980f42f76 26020 libgcrypt20_1.7.9-1.debian.tar.xz Checksums-Sha256: d922d12b25a64cd25601b34380bed9c9ca3c8fd4c9625951641fcc8766c7796d 2914 libgcrypt20_1.7.9-1.dsc bfe9bb703c1126c3647da2810fd23039c2f09d46969f71612c2065dc3fa9373b 2897137 libgcrypt20_1.7.9.orig.tar.bz2 96108d1701cd3c8a6826d7d2a27056de79421fe20bf9ef447e8c12e982f64414 310 libgcrypt20_1.7.9.orig.tar.bz2.asc 1a0775f8e8921aa537db92c06cca82780cb24adf04775e2f944a23d867414d55 26020 libgcrypt20_1.7.9-1.debian.tar.xz Files: 6fb53ee561e080cd20c74e85fd2956aa 2914 libs optional libgcrypt20_1.7.9-1.dsc 439432d08fa5aa826752589ea1b69efc 2897137 libs optional libgcrypt20_1.7.9.orig.tar.bz2 62b5984d10ce92111cca0bc41cfd6ad3 310 libs optional libgcrypt20_1.7.9.orig.tar.bz2.asc b69a1c475593a087699f97d2ab437628 26020 libs optional libgcrypt20_1.7.9-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlmioX4ACgkQpU8BhUOC FIQNyg//YlalRpHjPjCqVjrAvFvzSu0+Mxf+w8Tz2d0sOcUnR696XcugeDAyvaj3 /bcuFuZzGmtyli0wLIxjVVLIWb8WCCTVcI268anAYJlBofNKKDbwvvBRm+gCNNcq JKNIOVMd595QbIPHnt1mM71QxjLjM1lPMRunvAEafReFpFz3EtLQ9nGwhbeqET38 hkrgmguGAc6pQchaJw26FA/6ZjN4ANI75n6YtX0rCq3gVxOFMiI+aYLgQG44R8TS paaF3IbLS2lpZCR/o1xMNIrTPA7TuMJ4fo9utmfcSqgxDfrlga8316SugQLEY3sG MFkwjEdF3yRZ6d7gBG6ec75JJWQENiZVCQurdVWEKmolwmSK1UX71wESdLuSxmij WwBJLDY20dFWtk+2GIgmDHdJwqbr4DpOpwkSQfifzhjlD3i65XisYCiNWNiizQe/ UWPKRrXq7qIhbtm5uyRZvc+ddMJHFukaSZUm2ZZdkRlvz9PDpqxo5FLF7JJElPWi aPZp6IGhi369a6XJMX95sKM4B1BmVPuVexslD/xIjYoeXtEyW+gIhq3aY0BL7thU PWpx1l025wYZAY47sue8T4K5cRZiDTE7hVOm8//kgeDJx0JbMlipn5cAL/+53t2O rUBdgdHlzujkpqGMgF7SwbPa77b2jvtAv0x4BEmIO41/Wc1UIkE= =I4mP -----END PGP SIGNATURE-----
--- End Message ---
