Your message dated Thu, 02 Sep 2021 21:47:21 +0000
with message-id <e1mluyl-000awp...@fasolo.debian.org>
and subject line Bug#992971: fixed in grilo 0.3.7-1+deb10u1
has caused the Debian Bug report #992971,
regarding grilo: CVE-2021-39365
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
992971: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992971
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grilo
Version: 0.3.13-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.3.7-1

Hi,

The following vulnerability was published for grilo.

CVE-2021-39365[0]:
| In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS
| certificate verification on the SoupSessionAsync objects it creates,
| leaving users vulnerable to network MITM attacks. NOTE: this is
| similar to CVE-2016-20011.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-39365
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39365
[1] https://gitlab.gnome.org/GNOME/grilo/-/issues/146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: grilo
Source-Version: 0.3.7-1+deb10u1
Done: Alberto Garcia <be...@igalia.com>

We believe that the bug you reported is fixed in the latest version of
grilo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Garcia <be...@igalia.com> (supplier of updated grilo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Aug 2021 22:49:03 +0200
Source: grilo
Architecture: source
Version: 0.3.7-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Alberto Garcia <be...@igalia.com>
Changed-By: Alberto Garcia <be...@igalia.com>
Closes: 992971
Changes:
 grilo (0.3.7-1+deb10u1) buster-security; urgency=high
 .
   * fix-tls-cert-validation.patch:
     - Fix TLS cert validation not being done for any network call
       (Closes: #992971, CVE-2021-39365).


--- End Message ---
