Your message dated Fri, 11 Jun 2021 20:40:43 +0000 with message-id <e1lrnxl-000ekk...@fasolo.debian.org> and subject line Bug#989631: fixed in nettle 3.7.3-1 has caused the Debian Bug report #989631, regarding nettle: CVE-2021-3580: Remote crash in RSA decryption via manipulated ciphertext to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989631 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nettle Version: 3.7.2-3 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for nettle. CVE-2021-3580[0]: | Remote crash in RSA decryption via manipulated ciphertext If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3580 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1967983 [2] https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe [3] https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c [4] https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: nettle Source-Version: 3.7.3-1 Done: Magnus Holmgren <holmg...@debian.org> We believe that the bug you reported is fixed in the latest version of nettle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 989...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Magnus Holmgren <holmg...@debian.org> (supplier of updated nettle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jun 2021 08:51:41 +0200 Source: nettle Architecture: source Version: 3.7.3-1 Distribution: unstable Urgency: high Maintainer: Magnus Holmgren <holmg...@debian.org> Changed-By: Magnus Holmgren <holmg...@debian.org> Closes: 989631 Changes: nettle (3.7.3-1) unstable; urgency=high . * New upstream release fixing bugs that could make the RSA decryption functions crash on invalid inputs [CVE-2021-3580] (Closes: #989631). Checksums-Sha1: 41886fb5a2ec687e215aa0397ff064f19311037c 2033 nettle_3.7.3-1.dsc 9adfadd4ae4104c8aceb38bf16064d65d7edbcce 2383985 nettle_3.7.3.orig.tar.gz 47ad7611965cd3ccda6697c35df128b32e45f34c 21956 nettle_3.7.3-1.debian.tar.xz 39658a7810ee1cf96b7a4306cec017e5d7a91d86 6040 nettle_3.7.3-1_source.buildinfo Checksums-Sha256: 63a1a80f37b6484f479dfa1cbd30152feff3b1a5a2161fdab05b90edde212c1f 2033 nettle_3.7.3-1.dsc 661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0 2383985 nettle_3.7.3.orig.tar.gz 97af0e306aec6f6c5d8e73a7a3ce2856c76bcff9cdcfa7640e932a5a3aee9f24 21956 nettle_3.7.3-1.debian.tar.xz 4262f61c44f321054ce4a532cc94343be00c8ec8edbe0996f5ee9856291bc8d1 6040 nettle_3.7.3-1_source.buildinfo Files: 9fda9b3af01ab009bccec0c5c5a2b2dc 2033 libs optional nettle_3.7.3-1.dsc a60273d0fab9c808646fcf5e9edc2e8f 2383985 libs optional nettle_3.7.3.orig.tar.gz feb89dfb0cafa2505256cdc4e9796a40 21956 libs optional nettle_3.7.3-1.debian.tar.xz 3aee251bf38fe9ef59d7d0c432884650 6040 libs optional nettle_3.7.3-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEzSoHOzhhVBcKQILo1PIZv+yZhIkFAmDDwyQACgkQ1PIZv+yZ hIlJgA/8C1zSYzkMyoR7d809j9IfDrhiJmc471kwoM+zn0bmug5oez6pVqj1RsgW XKLV2nA4m6wyKynBWE1eA9PZ4mpxMqNe22E9AqjSlpQ5AwGruxP5tvHrmh8jo9RX f7m8MJA0QYh4A3imakXnbc/Xxj89Uny2r9mx/faX8HCZ91IcRC2DL+U3DOACXa5j 6MXhxdajoxNGXg7GZsXikcnOf5JGuZR/NUE9lR5wZDgLr1w82+tAZzzosvqmQ7Hk aJ2tevotDr+Icnm8VIwDsUwh9I4gMev2dutbGFveu3T+3bEX/xzMXCoTS1lzDoGj GL/c+nn41g+CgXrB++6tOxZt3GLGKJCK2HayhMHCQ+ikQ+bKkxrlUofJW6PbbUKs mTZ5Wf6q9YOw5nwvCEoObfBiqhS1OIt0BWv/3Wx7cRvR8DDviGm/PLN3qHW8EUAM xR0IfIsWYY+zKYk53mgNmha7cNpcPa8iPCN9fkCWH42d2l9BOikyI+7omhygQljd xT9V+xyTApJf5TJpTcgNRPrUptoHm1Ql7rmUxaxhm0RHdBl+yyEkc1VUEgjbNGhx QMzVIQNX87G21EWjVjhBpp2Bkk4s67rqDTHYIzE7aziiISGxxc5FE2sJR7XRYC+8 bJ7cujPcS4Z+VGZAxZq9m3lcPKsS14X23duTug3/o8nWKbTriXY= =YWC0 -----END PGP SIGNATURE-----
--- End Message ---
