Your message dated Thu, 07 Sep 2017 21:17:36 +0000
with message-id <e1dq4b6-0005u0...@fasolo.debian.org>
and subject line Bug#873383: fixed in libgcrypt20 1.7.6-2+deb9u2
has caused the Debian Bug report #873383,
regarding libgcrypt20: CVE-2017-0379: side-channel attack on Curve25519
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
873383: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873383
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgcrypt20
Version: 1.7.1-1
Severity: grave
Tags: upstream patch security fixed-upstream
Hi,
the following vulnerability was published for libgcrypt20.
CVE-2017-0379[0]:
side-channel attack on Curve25519
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-0379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgcrypt20
Source-Version: 1.7.6-2+deb9u2
We believe that the bug you reported is fixed in the latest version of
libgcrypt20, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgcrypt20 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Aug 2017 11:58:04 +0200
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev libgcrypt-mingw-w64-dev
Architecture: source
Version: 1.7.6-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 873383
Description:
 libgcrypt-mingw-w64-dev - LGPL Crypto library - Windows development
 libgcrypt11-dev - transitional libgcrypt11-dev package
 libgcrypt20 - LGPL Crypto library - runtime library
 libgcrypt20-dev - LGPL Crypto library - development files
 libgcrypt20-doc - LGPL Crypto library - documentation
 libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb)
Changes:
 libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * ecc: Add input validation for X25519 [CVE-2017-0379]
     Mitigate a local side-channel attack on Curve25519 dubbed "May the
     Fourth be With You". (Closes: #873383)
Checksums-Sha1:
 d0c8b9cd9ab574e5a39e6f7ca9fee8b1c1c85e2b 2838 libgcrypt20_1.7.6-2+deb9u2.dsc
 62df79e2ba8557dff4ca265478189cd39528e2c5 32044 libgcrypt20_1.7.6-2+deb9u2.debian.tar.xz
Checksums-Sha256:
 ece58728d3b18510e0f0a699b5207c393f67e96e0e9cb3191eeb831f2b7d61c1 2838 libgcrypt20_1.7.6-2+deb9u2.dsc
 190182723dd39b256cb03e0b74ad9c2047943fe53584c7794b2cec080d5e33e6 32044 libgcrypt20_1.7.6-2+deb9u2.debian.tar.xz
Files:
 90a6437e47b9932872c8fb19f9cd8b05 2838 libs optional libgcrypt20_1.7.6-2+deb9u2.dsc
 cb7b252278ec7bd5da6405bfdd68561f 32044 libs optional libgcrypt20_1.7.6-2+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---