Your message dated Sat, 17 Mar 2007 00:02:20 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#413923: fixed in gpgme1.0 1.1.2-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gnupg
Version: 1.4.6-1
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
There has been an announcement[1] about a possible security hole in
GnupG related to multiple messages, and new releases[2] of both GnuPG
and GpgME. There are a patch available for this problem[3]
[1] http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
[2] http://lists.gnupg.org/pipermail/gnupg-devel/2007-March/023686.html
[3]
ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch
Thanks
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)
Versions of packages gnupg depends on:
ii gpgv 1.4.6-1 GNU privacy guard - signature veri
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libreadline5 5.2-2 GNU readline and history libraries
ii libusb-0.1-4 2:0.1.12-6 userspace USB programming library
ii makedev 2.3.1-83 creates device files in /dev
ii zlib1g 1:1.2.3-13 compression library - runtime
gnupg recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gpgme1.0
Source-Version: 1.1.2-3
We believe that the bug you reported is fixed in the latest version of
gpgme1.0, which is due to be installed in the Debian FTP archive:
gpgme1.0_1.1.2-3.diff.gz
to pool/main/g/gpgme1.0/gpgme1.0_1.1.2-3.diff.gz
gpgme1.0_1.1.2-3.dsc
to pool/main/g/gpgme1.0/gpgme1.0_1.1.2-3.dsc
libgpgme11-dev_1.1.2-3_i386.deb
to pool/main/g/gpgme1.0/libgpgme11-dev_1.1.2-3_i386.deb
libgpgme11_1.1.2-3_i386.deb
to pool/main/g/gpgme1.0/libgpgme11_1.1.2-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jose Carlos Garcia Sogo <[EMAIL PROTECTED]> (supplier of updated gpgme1.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 17 Mar 2007 00:52:16 +0100
Source: gpgme1.0
Binary: libgpgme11 libgpgme11-dev
Architecture: source i386
Version: 1.1.2-3
Distribution: unstable
Urgency: high
Maintainer: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
Changed-By: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
Description:
libgpgme11 - GPGME - GnuPG Made Easy
libgpgme11-dev - GPGME - GnuPG Made Easy
Closes: 413923
Changes:
gpgme1.0 (1.1.2-3) unstable; urgency=high
.
* Urgency high due to security bug.
* multiple_messages.dpatch: new, includes patch for multiple messages
problem in GnuPG (Closes: #413923)
* debian/control: depend on gnupg >= 1.4.6-2, as it is patched for the above
bug as well.
* debian/rules: don't use DH_COMPAT var, as we are using compat file
Files:
8e5df0b399505e3f592f56181bc2b2bd 642 libdevel optional gpgme1.0_1.1.2-3.dsc
874502a265136646f3529e47feb839af 233922 libdevel optional
gpgme1.0_1.1.2-3.diff.gz
02753c6cbf1705b576a67991e0309011 427186 libdevel optional
libgpgme11-dev_1.1.2-3_i386.deb
f83b157f12a710dd95b4fdfc26b92cbf 237436 libs optional
libgpgme11_1.1.2-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF+y7IS+BYJZB4jhERAr/vAKCZ9r60yA7BQXFXlCS30tnrQ5+4RwCcDLsn
KtmIcfv09rQy/zxgqI2gNeM=
=u9As
-----END PGP SIGNATURE-----
--- End Message ---
