Your message dated Fri, 07 Jan 2022 20:50:12 +0000
with message-id <e1n5wbg-000h9t...@fasolo.debian.org>
and subject line Bug#1003125: fixed in e2guardian 5.3.5-3
has caused the Debian Bug report #1003125,
regarding e2guardian: CVE-2021-44273
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1003125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003125
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: e2guardian
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for e2guardian.
CVE-2021-44273[0]:
| e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate
| validation in the SSL MITM engine. In standalone mode (i.e., acting as
| a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if
| built with OpenSSL v1.1.x, did not validate hostnames in certificates
| of the web servers that it connected to, and thus was itself
| vulnerable to MITM attacks.
https://www.openwall.com/lists/oss-security/2021/12/23/2
https://github.com/e2guardian/e2guardian/issues/707
Fixed by:
https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
Cheers,
Moritz
--- End Message ---
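The failure described in the CVE text above, as an added example that is not part of the original message or of e2guardian's code: a certificate whose chain is trusted but which was issued for a different site is accepted when the proxy skips the hostname check, and rejected when the check runs. The function names, the simplified wildcard rules and the sample certificate (in the dict shape Python's ssl.SSLSocket.getpeercert() returns) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; assume its chain already validated against a trusted CA.
CERT_FOR_OTHER_SITE = {
    "subject": ((("commonName", "other.example"),),),
    "subjectAltName": (("DNS", "other.example"),
                       ("DNS", "*.cdn.other.example"),
                       ("IP Address", "192.0.2.10")),
}


def _dns_match(pattern, host):
    """Simplified RFC 6125 rule: '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans a dot
    if p[0] == "*":
        # refuse '*.example'-style patterns and empty host labels
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return "*" not in pattern and p == h


def hostname_matches(cert, host):
    """True if host is one of the identities in the certificate's SAN list."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False


def accept_upstream(cert, chain_ok, requested_host, check_hostname=True):
    """Decision a TLS-intercepting proxy makes about the origin server."""
    if not chain_ok:
        return False
    # check_hostname=False models the behaviour the CVE describes.
    return hostname_matches(cert, requested_host) if check_hostname else True
```

With check_hostname=False, a client request for bank.example is served from whatever server presented CERT_FOR_OTHER_SITE; with the check enabled the same connection is refused.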
--- Begin Message ---
Source: e2guardian
Source-Version: 5.3.5-3
Done: Mike Gabriel <sunwea...@debian.org>
We believe that the bug you reported is fixed in the latest version of
e2guardian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1003...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated e2guardian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Jan 2022 21:35:18 +0100
Source: e2guardian
Architecture: source
Version: 5.3.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Packaging Team <debian-edu-pkg-t...@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 1003125
Changes:
 e2guardian (5.3.5-3) unstable; urgency=medium
 .
   * debian/patches:
     + CVE-2021-44273: Fix missing SSL certificate/hostname validation in
       the SSL MiTM engine (if built with OpenSSL v1.1.x). Add
       0001_CVE-2021-44273_fix-hostname-validation-in-certificates.patch.
       (Closes: #1003125).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---