Your message dated Sat, 23 Dec 2017 00:00:09 +0000
with message-id <e1esxex-0009ct...@fasolo.debian.org>
and subject line Bug#884235: fixed in wolfssl 3.13.0+dfsg-1
has caused the Debian Bug report #884235,
regarding wolfssl: CVE-2017-13099
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
884235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884235
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wolfssl
Version: 3.12.2+dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/wolfSSL/wolfssl/pull/1229
Hi,
the following vulnerability was published for wolfssl.
CVE-2017-13099[0]:
| ROBOT attack / Fix handling of static RSA padding failures.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13099
[1] https://github.com/wolfSSL/wolfssl/pull/1229
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wolfssl
Source-Version: 3.13.0+dfsg-1
We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 884...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Lechner <felix.lech...@lease-up.com> (supplier of updated wolfssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 21 Dec 2017 15:43:45 -0800
Source: wolfssl
Binary: libwolfssl15 libwolfssl-dev
Architecture: source amd64
Version: 3.13.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lech...@lease-up.com>
Changed-By: Felix Lechner <felix.lech...@lease-up.com>
Description:
libwolfssl-dev - Development files for the wolfSSL encryption library
libwolfssl15 - wolfSSL encryption library
Closes: 884235
Changes:
wolfssl (3.13.0+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Fixes "robot attack" CVE-2017-13099 (Closes: #884235)
* New major number 15
* Set Standards-Version: 4.1.2
* Improved clean target for repeated builds
Checksums-Sha1:
e0390df647ee0dde910ec4721e756b7d6300e82d 1869 wolfssl_3.13.0+dfsg-1.dsc
cb1f2130e99b2c26181f894ad6b90d23f77f3aa0 2386396
wolfssl_3.13.0+dfsg.orig.tar.gz
454621edcc99c1d8a8f3136ca08c12951b4f66bd 16144
wolfssl_3.13.0+dfsg-1.debian.tar.xz
4bd531bd323392af638576d5ecd3e74167b81053 579396
libwolfssl-dev_3.13.0+dfsg-1_amd64.deb
d78594a368787dffcabdb337d7d9e889b10754ae 1095100
libwolfssl15-dbgsym_3.13.0+dfsg-1_amd64.deb
903a4f80152a015e9ed19f1fd7b7138bb77644c1 393220
libwolfssl15_3.13.0+dfsg-1_amd64.deb
955ff1bd5f931eb7cb435274756263d95e72c1a8 5959
wolfssl_3.13.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
48261c9814314ff791a8a961b15ff4c7bd7864cbe1ba2d44e56b19cff2d1a159 1869
wolfssl_3.13.0+dfsg-1.dsc
2f0eec65bd5957ade116d54ae0e49a061a545d3d62c8eff248bde08154dae85d 2386396
wolfssl_3.13.0+dfsg.orig.tar.gz
bb89af8f367f072d09ec533ffcfcc06963de8716704e28053ca9169b97baa9b2 16144
wolfssl_3.13.0+dfsg-1.debian.tar.xz
9a997738dc2f7a91d8ba2cffb44f580c8b1e070eef0caaf60bf16c197f0220a6 579396
libwolfssl-dev_3.13.0+dfsg-1_amd64.deb
2b12e45045ced356e0a7d0b8f74e7431329b06df574caf75ad579cc0976aaee9 1095100
libwolfssl15-dbgsym_3.13.0+dfsg-1_amd64.deb
1d46fc2a68b1b5c2058c5d6922dc86c81a440230925b3ef66c261e3cb8d9a4eb 393220
libwolfssl15_3.13.0+dfsg-1_amd64.deb
c5e7934f54a4547dff430f5fdae0359b0c9c1f823e6a5f049a4c0b4f6317380f 5959
wolfssl_3.13.0+dfsg-1_amd64.buildinfo
Files:
f002811bb862504c7db60c2417e5d5dd 1869 libs optional wolfssl_3.13.0+dfsg-1.dsc
e7d54399ee5d3b2c9b6494dd345bef73 2386396 libs optional
wolfssl_3.13.0+dfsg.orig.tar.gz
5c9feca321143b87a18837bd1f44d289 16144 libs optional
wolfssl_3.13.0+dfsg-1.debian.tar.xz
4d5984fe65606c7389a2486e3315527a 579396 libdevel optional
libwolfssl-dev_3.13.0+dfsg-1_amd64.deb
ad0b207f1ba61ba01b44ff7f074f557e 1095100 debug optional
libwolfssl15-dbgsym_3.13.0+dfsg-1_amd64.deb
d1b270b001434fa3d237ae0e587144e4 393220 libs optional
libwolfssl15_3.13.0+dfsg-1_amd64.deb
a1164a2cdd8992621ed56d9d9989a889 5959 libs optional
wolfssl_3.13.0+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlo8zXoACgkQHpU+J9Qx
HliYvQ//SQaOW918aKkktb6/B0lU98TMJZu0BZSQDCeyYEKWW3eU4igxvhzehQf3
C82Xr4EIpkROOmDOPj+tFboewz6EgxbzbgfIoyzUFQjPGpCCb8Wj7SEIgxTEeTKI
dksnvVvwqziIB58dai6LiRqX8b8hpsObFtQonUS+UgBIBDokq2sOV4l7OY9TRQnJ
2v2QP8oD+Byw1S0N/BZHu4cF0AtVNOxEqBxMw/nAzmq4TtgOe0y9cKXW/R8hh94v
9MTC/pFh6y26gT7TNLC0CKmJ6Yh5spKOWTwQ85RkNxA1+KyxWnSMewzw4VWV74R2
ZwL7t2I4xfkKuAL+4QxidgN6msColSFw1uYVjvksU9lgiqKqMCFzZi7VuhX6e+Ds
sHI7owBBhjq8/IcWnSs5T2cEIsA+mG9aYDQEMnw1IteAE33GSbsyB1jNzFNv2EoV
QHbm/PnHcsTQTc8BLyX5y+zJ0uLtkNOfJ1fdLvucrfVhC6MELDcv9imuyHoERZmr
PPo4cgtCqmtTn7/SLi5pxTcKh0Ku/+wi5jqu2IXF29oZjtWu9GTcmvIqrvVJ9Ie6
QClta3ldJ2pCPW3DFXPdhuSbFfs00Ot96VEub/IQ4NCAlY5uuZMvLVrzPGlPO9gM
0C2SEsPXUGSV+K4etjaiyireP1LDQx93DC5OgTcZ45FMB/7xo0Q=
=58tD
-----END PGP SIGNATURE-----
--- End Message ---
