Your message dated Fri, 15 Jun 2018 00:49:45 +0000
with message-id <e1ftcvx-00091l...@fasolo.debian.org>
and subject line Bug#901574: fixed in password-store 1.7.2-1
has caused the Debian Bug report #901574,
regarding pass: Security Vulnerability: Faulty GPG Signature Checking
(CVE-2018-12356)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
901574: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pass
Version: 1.6.5-7
Severity: important
Dear Maintainer,
I was reading
https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html and
checked my installation and saw the security fix wasn't applied yet.
Please apply commit:
https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
See also:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/11310766438958f0166ac0ba0d77fe0174f6e937
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (999, 'stable'), (900, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=en_US:en
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pass depends on:
ii gnupg 2.1.18-8~deb9u2
ii gnupg2 2.1.18-8~deb9u2
ii pwgen 2.07-1.1+b1
ii tree 1.7.0-5
Versions of packages pass recommends:
ii git 1:2.11.0-3+deb9u3
ii gnupg2 2.1.18-8~deb9u2
ii xclip 0.12+svn84-4+b1
Versions of packages pass suggests:
ii libxml-simple-perl 2.22-1
iu perl 5.24.1-3+deb9u4
ii ruby 1:2.3.3
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: password-store
Source-Version: 1.7.2-1
We believe that the bug you reported is fixed in the latest version of
password-store, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 901...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated password-store package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 15 Jun 2018 01:16:58 +0100
Source: password-store
Binary: pass
Architecture: source
Version: 1.7.2-1
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <cjwat...@debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
pass - lightweight directory-based password manager
Closes: 901574
Changes:
password-store (1.7.2-1) unstable; urgency=medium
.
* New upstream release:
- CVE-2018-12356: Ensure signature regexes are anchored (closes:
#901574).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---