Your message dated Thu, 28 Jan 2021 00:35:47 +0000
with message-id <e1l4vhn-0000cp...@fasolo.debian.org>
and subject line Bug#979534: fixed in wolfssl 4.6.0-1
has caused the Debian Bug report #979534,
regarding wolfssl: CVE-2020-36177
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
979534: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wolfssl
Version: 4.5.0+dfsg-4
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/3426
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for wolfssl.

CVE-2020-36177[0]:
| RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an
| out-of-bounds write for certain relationships between key size and
| digest size.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-36177
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36177
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
[2] https://github.com/wolfSSL/wolfssl/pull/3426

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: wolfssl
Source-Version: 4.6.0-1
Done: Felix Lechner <felix.lech...@lease-up.com>

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Lechner <felix.lech...@lease-up.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Jan 2021 15:39:34 -0800
Source: wolfssl
Architecture: source
Version: 4.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lech...@lease-up.com>
Changed-By: Felix Lechner <felix.lech...@lease-up.com>
Closes: 978676 979534
Changes:
 wolfssl (4.6.0-1) unstable; urgency=medium
 .
   * New upstream release; fixes CVE-2020-36177. (Closes: #978676, #979534)
   * Update symbols file.
   * Drop patches previously cherry-picked from unreleased Git:
       - b90acc91d0cd276befe7f08f87ba2dc5ee7122ff.patch
   * Refresh remaining Debian patches.
   * Disable DFSG repackaging in d/watch; source is now DFSG-compliant.
   * Remove Files-Excluded field from d/copyright; covered 653 files.
   * Add two files to d/copyright that are now shipped in the sources.
   * Update copyright years in d/copyright.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
