Your message dated Sun, 20 Mar 2022 21:09:03 +0000 with message-id <e1nw2np-00017t...@fasolo.debian.org> and subject line Bug#1008015: fixed in openvpn 2.5.6-1 has caused the Debian Bug report #1008015, regarding openvpn: CVE-2022-0547: authentication bypass in external authentication plug-ins to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1008015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: openvpn X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for openvpn. CVE-2022-0547[0]: | OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass | in external authentication plug-ins when more than one of them makes | use of deferred authentication replies, which allows an external user | to be granted access with only partially correct credentials. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-0547 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0547 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Source: openvpn Source-Version: 2.5.6-1 Done: Bernhard Schmidt <be...@debian.org> We believe that the bug you reported is fixed in the latest version of openvpn, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1008...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated openvpn package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 20 Mar 2022 21:42:05 +0100 Source: openvpn Architecture: source Version: 2.5.6-1 Distribution: unstable Urgency: high Maintainer: Bernhard Schmidt <be...@debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Closes: 1008015 Changes: openvpn (2.5.6-1) unstable; urgency=high . * New upstream version 2.5.6 CVE-2022-0547 - Potential authentication by-pass with multiple deferred authentication plug-ins plug-ins (Closes: #1008015) Checksums-Sha1: 5d9b2a652eb4ad874b6e9d1ef306eace6f9c3f54 2147 openvpn_2.5.6-1.dsc c541571e96875427c2615e16ebab496e74bbbb0d 1853186 openvpn_2.5.6.orig.tar.gz ee502279e6851dd08cf9da78f8c35fd6ab787ce2 58908 openvpn_2.5.6-1.debian.tar.xz 9bb8d5fd24893839cc15d3c4b3cca59b86a0b80e 7704 openvpn_2.5.6-1_amd64.buildinfo Checksums-Sha256: d74cb0f1c5f485b404ddb31067b8d3116504f4a1fef5d8f784b1ad1a6e89e1a2 2147 openvpn_2.5.6-1.dsc 333a7ef3d5b317968aca2c77bdc29aa7c6d6bb3316eb3f79743b59c53242ad3d 1853186 openvpn_2.5.6.orig.tar.gz 38563c7b8fe5ac3f8d3cdc4fe7883dd79586b498fa6c48505751fb73c547808b 58908 openvpn_2.5.6-1.debian.tar.xz 5d64b8239ecac9cb1108f065d90c80f4b61cf90ea3a330132b7ec721676b436f 7704 openvpn_2.5.6-1_amd64.buildinfo Files: 8e7d239df28b5922fc7a09d4773c3b81 2147 net optional openvpn_2.5.6-1.dsc 434f02d3b371bf1dcd1e618e56969a4c 1853186 net optional openvpn_2.5.6.orig.tar.gz 7651359cdb86675a933c464b38f188dd 58908 net optional openvpn_2.5.6-1.debian.tar.xz dc5642b7536b627ebca67bdb1564d3e6 7704 net optional openvpn_2.5.6-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmI3kz0RHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJNOEA//ehLjmjWFtCYbGiLsuU9B41Sv0kfHyEOw AoZu2EUfKGDm4R/uCN/PPNUqR94LnYazMJ7ys44q1kn7Z4EhbTvOfKLqZwWLGOFb FHbPqSbNF527G2IOHx0+M7M7Cny1wvwtIc8NJOjEPMYr+XhAmb0hu8f0+tK4hSOa 97Bq652RgYgPTgxzOcpUKsiH/A1S1sQ7Tr4ocNxQLPVnP81XtUU+jME7igBMaBtb qeag/WGBsaVBxzOGBYuLNMrvjzq4S4eDwpwKdW5xrmLwOwxnOfpXDLwsWBvSGSJk z6Qnr+hXwfBUTfmmnINDwU/4y6kObkloZsdFlqrdarOBwJhT6Ef5mQoR2z6LfyTZ RCR4Q8wgu/6dz0exjyLkhNEZE6qbQ7N/20ojnZnX2E2QQPMGupQ6WmOqad4YAuPM NgyES0ooBEbEcGx7JBmaPxmTJE2v3MNcnr+YhyiYZbAGbgpPQYROZZzwwj1tojS7 IrUAIjI8t0G78+SJsUKKoQjLn74eAdYv59oi53DsAthc1s1uUzWdzg1I0ru7Vr2r nXPQRcFtXJz8UYMY6N6EExgdvr8Covgx4/yqTAbjgqjkNRNp8f9Gyppf+N97CGrz 9vtRgMvdKF/hudZBi+q/ELX6xaD2NkRUo+ySvYMTfYQhb5KSX9tXLD+J7vAaP+LH b757CPoUNl0= =7uxg -----END PGP SIGNATURE-----
--- End Message ---
