Your message dated Sun, 13 Feb 2022 17:47:08 +0000
with message-id <e1njixo-0005dz...@fasolo.debian.org>
and subject line Bug#1003125: fixed in e2guardian 5.3.4-1+deb11u1
has caused the Debian Bug report #1003125,
regarding e2guardian: CVE-2021-44273
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1003125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003125
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: e2guardian
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for e2guardian.
CVE-2021-44273[0]:
| e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate
| validation in the SSL MITM engine. In standalone mode (i.e., acting as
| a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if
| built with OpenSSL v1.1.x, did not validate hostnames in certificates
| of the web servers that it connected to, and thus was itself
| vulnerable to MITM attacks.
https://www.openwall.com/lists/oss-security/2021/12/23/2
https://github.com/e2guardian/e2guardian/issues/707
Fixed by:
https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
Cheers,
Moritz
--- End Message ---
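Added example, not part of the bug report and not e2guardian's code: a small Python model of the gap the CVE text describes, where an upstream certificate is accepted without comparing its names to the requested host, plus an audit of a client TLS context for the same omission. It assumes chain validation still ran (the CVE text only states that hostnames were not validated); all function names and the sample certificate are constructed for illustration.

```python
import ssl

def hostname_matches(cert, hostname):
    """Match hostname against the DNS subjectAltName entries of a cert dict
    shaped like the output of ssl.SSLSocket.getpeercert()."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            label, _, parent = host.partition(".")
            if label and parent == pattern[2:]:
                return True
    return False

def upstream_accepts(cert, chain_ok, requested_host, check_hostname):
    """Model of a proxy's decision about an upstream server certificate."""
    if not chain_ok:
        return False
    return hostname_matches(cert, requested_host) if check_hostname else True

def audit_context(ctx):
    """Report which of the two independent checks a client context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not verified")
    return findings

def chain_only_context():
    """Client context with the modelled gap: chain checked, hostname not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    return ctx

# Constructed sample: a validly chained certificate issued for another site.
OTHER_SITE_CERT = {
    "subjectAltName": (("DNS", "other.example"), ("DNS", "*.other.example")),
}
```

With hostname checking off, the model accepts OTHER_SITE_CERT for any requested host; with it on, only other.example and its direct subdomains pass.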
--- Begin Message ---
Source: e2guardian
Source-Version: 5.3.4-1+deb11u1
Done: Mike Gabriel <sunwea...@debian.org>
We believe that the bug you reported is fixed in the latest version of
e2guardian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1003...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated e2guardian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Wed, 02 Feb 2022 21:06:57 +0100
Source: e2guardian
Architecture: source
Version: 5.3.4-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Edu Packaging Team <debian-edu-pkg-t...@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 1003125
Changes:
e2guardian (5.3.4-1+deb11u1) bullseye; urgency=medium
.
* debian/patches:
+ CVE-2021-44273: Fix missing SSL certificate validation in the SSL MiTM
engine. Add
0001_CVE-2021-44273_fix-hostname-validation-in-certificates.patch.
(Closes: #1003125).
--- End Message ---