Your message dated Fri, 08 Feb 2019 19:34:39 +0000
with message-id <e1gsbv5-000es8...@fasolo.debian.org>
and subject line Bug#921725: fixed in libu2f-host 1.1.7-1
has caused the Debian Bug report #921725,
regarding libu2f-host: CVE-2018-20340
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
921725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libu2f-host
Version: 1.1.2-2
Severity: grave
Tags: security upstream
Control: found -1 1.1.6-1

Hi,

The following vulnerability was published for libu2f-host.

CVE-2018-20340[0]:
buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20340
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20340
[1] https://www.yubico.com/support/security-advisories/ysa-2019-01/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libu2f-host
Source-Version: 1.1.7-1

We believe that the bug you reported is fixed in the latest version of
libu2f-host, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Braud-Santoni <ni...@debian.org> (supplier of updated libu2f-host
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Feb 2019 20:09:53 +0100
Source: libu2f-host
Architecture: source
Version: 1.1.7-1
Distribution: unstable
Urgency: critical
Maintainer: Debian Authentication Maintainers <team+a...@tracker.debian.org>
Changed-By: Nicolas Braud-Santoni <ni...@debian.org>
Closes: 921725
Changes:
 libu2f-host (1.1.7-1) unstable; urgency=critical
 .
   * New upstream version 1.1.7
     + Fix CVE-2018-20340 (Closes: #921725)
     + Add support for new device: tomu board with chopstx u2f
     + Drop obsolete patch
 .
   * debian/libu2f-udev.metainfo.py
     + Typecheck with mypy, fix exposed issues
     + Display line number in error messages
 .
   * debian/control: Update my uploader email address
   * Add Build-Depends-Package metadata to the symbols file
   * Use a script to generate an up-to-date, minimal, upstream keyring
   * Comply with policy v4.3.0
     - Ship upstream NEWS file
 .
   * debian/libu2f-udev.metainfo.*
     + Fix minor wart in AppStream metadata generation script
     + Relicense under LGPL-2.1+
       The metadata generated by the Python script is derived from udev rules
       that are themselves under LGPL-2.1+
       While it's arguably a collection of facts (and non-copyrightable),
       it makes things easier if we claim the same license for the generating
       scripts, input data, and generated artifacts.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---