Your message dated Sat, 16 Jan 2021 06:48:33 +0000
with message-id <e1l0fnx-0006es...@fasolo.debian.org>
and subject line Bug#980199: fixed in erlang 1:23.2.2+dfsg-1
has caused the Debian Bug report #980199,
regarding erlang: CVE-2020-35733
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
980199: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: erlang
Version: 1:23.2.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for erlang.

CVE-2020-35733[0]:
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl
| application 10.2 accepts and trusts an invalid X.509 certificate chain
| to a trusted root Certification Authority.

It is specific to OTP-23.2, see the security-tracker information.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35733
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733
[1] https://erlang.org/pipermail/erlang-questions/2021-January/100357.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: erlang
Source-Version: 1:23.2.2+dfsg-1
Done: Sergei Golovan <sgolo...@debian.org>

We believe that the bug you reported is fixed in the latest version of
erlang, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <sgolo...@debian.org> (supplier of updated erlang package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 16 Jan 2021 08:50:49 +0300
Source: erlang
Architecture: source
Version: 1:23.2.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-de...@lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolo...@debian.org>
Closes: 980199
Changes:
 erlang (1:23.2.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release, which includes a fix for CVE-2020-35733 (the ssl
     application 10.2 accepts and trusts an invalid X.509 certificate chain
     to a trusted root Certification Authority, closes: #980199).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
