Your message dated Tue, 11 Oct 2022 19:47:08 +0000 with message-id <e1oildy-0000oe...@fasolo.debian.org> and subject line Bug#1021271: fixed in strongswan 5.9.1-1+deb11u3 has caused the Debian Bug report #1021271, regarding strongswan: CVE-2022-40617 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1021271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021271 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: strongswan X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for strongswan. CVE-2022-40617[0]: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html Patch: https://download.strongswan.org/security/CVE-2022-40617/ If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-40617 https://www.cve.org/CVERecord?id=CVE-2022-40617 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: strongswan Source-Version: 5.9.1-1+deb11u3 Done: Yves-Alexis Perez <cor...@debian.org> We believe that the bug you reported is fixed in the latest version of strongswan, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1021...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez <cor...@debian.org> (supplier of updated strongswan package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Oct 2022 09:36:12 +0200 Source: strongswan Architecture: source Version: 5.9.1-1+deb11u3 Distribution: bullseye-security Urgency: medium Maintainer: strongSwan Maintainers <pkg-swan-de...@lists.alioth.debian.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Closes: 1021271 Changes: strongswan (5.9.1-1+deb11u3) bullseye-security; urgency=medium . * d/p/0009-credential-manager-Do-online-revocation-checks-only- added. Fix CVE-2022-40617, denial of service due to revocation plugin potentially using untrusted OCSP URIs and CRL distribution in certificates (Closes: #1021271) Checksums-Sha1: 9d6dd43832548ef34edfbe2aaebd77d9bf60d3fa 3269 strongswan_5.9.1-1+deb11u3.dsc 040d736420a525cb93483b43461fe1518e545e94 121408 strongswan_5.9.1-1+deb11u3.debian.tar.xz 23f1a20b9a6e2c5ee7404806f960ecd046bb1ab8 18227 strongswan_5.9.1-1+deb11u3_amd64.buildinfo Checksums-Sha256: 2cdbb1b38c018aa57e525a6da50c29b3b9ab5ed3cfe1a0d27f3d44bb7a35fc00 3269 strongswan_5.9.1-1+deb11u3.dsc 0cffb530190c68712d2f946be1b5ad7604b9ab80f174c01c7beb1d89f5cae3f1 121408 strongswan_5.9.1-1+deb11u3.debian.tar.xz 099798a93f94575e010dd90a231ff5bfa4f4bfbbcdac8908d2fd84b7308690f4 18227 strongswan_5.9.1-1+deb11u3_amd64.buildinfo Files: eddc77983446957093fd5eb4e22513d3 3269 net optional strongswan_5.9.1-1+deb11u3.dsc 632248b918c7777665666eca2b5a9b39 121408 net optional strongswan_5.9.1-1+deb11u3.debian.tar.xz 71c9506c454e100521c9e1ce5ade62f6 18227 net optional strongswan_5.9.1-1+deb11u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmM+h9sACgkQ3rYcyPpX RFsckwf/WmqjY080Zz8Af20ZxWlH81a+fMFyCGssxPeM1ELIKh4fzRwMxAsDv9Q4 +wVJu+YzjjVKwEzA3ImoP2TdEFjk1HkudWHOchxyPM32i6Z1+4t+dOMzygQNizGu CU46lk4fWa8VH/KXsDI8R49QHqFO8NrjZ/vIbPKeei6NBmkq3u3rwxMuNUZ557qL nRgs29NvIOLRaSz37mTUJzpQDK+I52LGo1qM7PhaoOrLrzSe+BZRIuDqLu7kdd51 FjM76zr4mPQXoDZImu/5PE+5k6CO/H+4gYWHQSjLNkWesx+rZizP6ijQEiIZXbx4 MXo7oUH5tItRY8tN7Fs5qnc4IhPewQ== =eFI+ -----END PGP SIGNATURE-----
--- End Message ---
