Your message dated Sat, 28 Jul 2018 04:19:13 +0000 with message-id <e1fjghf-000fq9...@fasolo.debian.org> and subject line Bug#904072: fixed in python-cryptography 2.3-1 has caused the Debian Bug report #904072, regarding python-cryptography: CVE-2018-10903: GCM tag forgery via truncated tag in finalize_with_tag API to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 904072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904072 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-cryptography Version: 1.9-1 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com//pyca/cryptography/pull/4342 Hi, The following vulnerability was published for python-cryptography. CVE-2018-10903[0]: GCM tag forgery via truncated tag in finalize_with_tag API If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903 [1] https://github.com//pyca/cryptography/pull/4342 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-cryptography Source-Version: 2.3-1 We believe that the bug you reported is fixed in the latest version of python-cryptography, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tristan Seligmann <mithra...@debian.org> (supplier of updated python-cryptography package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Jul 2018 05:50:55 +0200 Source: python-cryptography Binary: python-cryptography python3-cryptography python-cryptography-doc Architecture: source Version: 2.3-1 Distribution: unstable Urgency: medium Maintainer: Tristan Seligmann <mithra...@debian.org> Changed-By: Tristan Seligmann <mithra...@debian.org> Description: python-cryptography - Python library exposing cryptographic recipes and primitives (Pyt python-cryptography-doc - Python library exposing cryptographic recipes and primitives (doc python3-cryptography - Python library exposing cryptographic recipes and primitives (Pyt Closes: 904072 Changes: python-cryptography (2.3-1) unstable; urgency=medium . * New upstream release (closes: #904072). - Fixes CVE-2018-10903. * Bump Standards-Version to 4.1.5 (no changes). Checksums-Sha1: 2dfca52c0dde2b1ed71c99db0aa155d9525bb9de 3292 python-cryptography_2.3-1.dsc 2bb0184cab9ac1f78e011d243fbcb039028e79e6 449464 python-cryptography_2.3.orig.tar.gz 4dd26cb873f43c98d96b1500bcd72e700ce7a6fc 25456 python-cryptography_2.3-1.debian.tar.xz c168fdeaca9873937d1164d78e242361117b3e39 9916 python-cryptography_2.3-1_source.buildinfo Checksums-Sha256: ff562a45879dcb40b88518eae43230276d9aadb285f0f82033f3ba5c7440a9dd 3292 python-cryptography_2.3-1.dsc c132bab45d4bd0fff1d3fe294d92b0a6eb8404e93337b3127bdec9f21de117e6 449464 python-cryptography_2.3.orig.tar.gz a1a9a738c12ef73e4af5519a6c692508374859011b095e3fc23274d7f86fa269 25456 python-cryptography_2.3-1.debian.tar.xz 2c822ab4f40166ec3d702ed1219e718931c6041928211675b8da2d3737481760 9916 python-cryptography_2.3-1_source.buildinfo Files: f818874945eb292f14eec1856783c374 3292 python optional python-cryptography_2.3-1.dsc a0f3f563ab1c5c3bc02fae8d4aa3ad16 449464 python optional python-cryptography_2.3.orig.tar.gz 9cd8bd35e1e9fb90a59b06f235dbeac9 25456 python optional python-cryptography_2.3-1.debian.tar.xz 45dda000f71842c2ad3f3e8a85b26f12 9916 python optional python-cryptography_2.3-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQGpBAEBCgCTFiEEXAZWhXVRbQoz/6ejwImQ+x9jeJMFAltb7SNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDVD MDY1Njg1NzU1MTZEMEEzM0ZGQTdBM0MwODk5MEZCMUY2Mzc4OTMVHG1pdGhyYW5k aUBkZWJpYW4ub3JnAAoJEMCJkPsfY3iTWf0H/2p3vIgKvvOx9Qq0BuwubDNiwCnd LV3QSO0f1ptr9UuYuxRC7X8rs7vPXzkkUZEH125XWYsTOWk+W5/kdWkWibf0UEjI laz+Ai8nts6gPugy7xS3QzhdJ2dZ4JgjBKsHzIhRdaqouwEbND+cs9k6IFemS6KW 15dosf+/v3eIYKqDLJJZo3zbRvWzT2wpd/QSYypfvgFcW+RcbzB25BWSQzMSzNMv WskpAn4aDr/riKuKTuFACl9b22b9zcKomPMclv+UX4nhp5JPtmDMHJKj+6Y7fPQC 89wTm4MzdEJQb9VkSjaJgjHZ02WS3Q4GLdZrg7bqw50U/sZtasmbVUatIX8= =mAez -----END PGP SIGNATURE-----
--- End Message ---
