Your message dated Wed, 09 Sep 2009 01:55:28 +0000
with message-id <[email protected]>
and subject line Bug#540144: fixed in strongswan 4.3.2-1.1
has caused the Debian Bug report #540144,
regarding CVE-2009-2661: incomplete fix for CVE-2009-2185
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
540144: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540144
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: strongswan
Severity: serious
Tags: security patch


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for strongswan.

CVE-2009-2661[0]:
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before
| 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509
| certificates with crafted Relative Distinguished Names (RDNs), which
| allows remote attackers to cause a denial of service (pluto IKE daemon
| crash) via malformed ASN.1 data.  NOTE: this is due to an incomplete
| fix for CVE-2009-2185.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2661
    http://security-tracker.debian.net/tracker/CVE-2009-2661
    Patch: http://download.strongswan.org/patches/07_asn1_length_patch/

Cheers,
Giuseppe.




--- End Message ---
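
The CVE text in the report above names asn1_length and malformed ASN.1 in RDNs but gives no detail of the defect. As an added example (not part of the original report and not strongSwan's code), this is a generic bounds-checked DER length decoder of the kind a certificate parser needs before it trusts a declared length. The function name der_checked_length, the three-octet limit and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not strongSwan's asn1_length): parse one DER
 * tag/length header in buf[0..len) and return the content length, or -1
 * if the header is truncated, uses an unsupported length form, or declares
 * more content than the buffer holds. On success *hdr is the header size. */
long der_checked_length(const uint8_t *buf, size_t len, size_t *hdr)
{
    size_t n, i, value = 0;

    if (len < 2)
        return -1;                  /* need the tag and first length octet */
    n = buf[1];
    if ((n & 0x80) == 0) {          /* short form: one length octet */
        *hdr = 2;
        value = n;
    } else {
        n &= 0x7f;                  /* long form: n length octets follow */
        if (n == 0 || n > 3)        /* indefinite, or larger than accepted here */
            return -1;
        if (len < 2 + n)
            return -1;              /* the length octets are truncated */
        for (i = 0; i < n; i++)
            value = (value << 8) | buf[2 + i];
        *hdr = 2 + n;
    }
    if (value > len - *hdr)         /* declared content overruns the buffer */
        return -1;
    return (long)value;
}

/* Constructed samples: a well-formed RDN (SET { SEQUENCE { OID 2.5.4.3,
 * PrintableString "CN" } }), one whose length field claims 65535 bytes,
 * and one using the indefinite length form. */
static const uint8_t rdn_ok[] = { 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
                                  0x04, 0x03, 0x13, 0x02, 0x43, 0x4e };
static const uint8_t rdn_overlong[] = { 0x31, 0x82, 0xff, 0xff, 0x30, 0x09,
                                        0x06, 0x03, 0x55 };
static const uint8_t rdn_indef[] = { 0x31, 0x80, 0x00, 0x00 };

int main(void)
{
    size_t h = 0;
    printf("ok:       %ld\n", der_checked_length(rdn_ok, sizeof rdn_ok, &h));
    printf("overlong: %ld\n",
           der_checked_length(rdn_overlong, sizeof rdn_overlong, &h));
    printf("indef:    %ld\n",
           der_checked_length(rdn_indef, sizeof rdn_indef, &h));
    return 0;
}
```
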
--- Begin Message ---
Source: strongswan
Source-Version: 4.3.2-1.1

We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive:

libstrongswan_4.3.2-1.1_i386.deb
  to pool/main/s/strongswan/libstrongswan_4.3.2-1.1_i386.deb
strongswan-ikev1_4.3.2-1.1_i386.deb
  to pool/main/s/strongswan/strongswan-ikev1_4.3.2-1.1_i386.deb
strongswan-ikev2_4.3.2-1.1_i386.deb
  to pool/main/s/strongswan/strongswan-ikev2_4.3.2-1.1_i386.deb
strongswan-nm_4.3.2-1.1_i386.deb
  to pool/main/s/strongswan/strongswan-nm_4.3.2-1.1_i386.deb
strongswan-starter_4.3.2-1.1_i386.deb
  to pool/main/s/strongswan/strongswan-starter_4.3.2-1.1_i386.deb
strongswan_4.3.2-1.1.diff.gz
  to pool/main/s/strongswan/strongswan_4.3.2-1.1.diff.gz
strongswan_4.3.2-1.1.dsc
  to pool/main/s/strongswan/strongswan_4.3.2-1.1.dsc
strongswan_4.3.2-1.1_all.deb
  to pool/main/s/strongswan/strongswan_4.3.2-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <[email protected]> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Tue, 08 Sep 2009 18:37:35 -0500
Source: strongswan
Binary: strongswan libstrongswan strongswan-starter strongswan-ikev1 strongswan-ikev2 strongswan-nm
Architecture: source all i386
Version: 4.3.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Rene Mayrhofer <[email protected]>
Changed-By: Raphael Geissert <[email protected]>
Description: 
 libstrongswan - strongSwan utility and crypto library
 strongswan - IPsec VPN solution metapackage
 strongswan-ikev1 - strongSwan Internet Key Exchange (v1) daemon
 strongswan-ikev2 - strongSwan Internet Key Exchange (v2) daemon
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-starter - strongSwan daemon starter and configuration file parser
Closes: 540144
Changes: 
 strongswan (4.3.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix incomplete fix for CVE-2009-2185 leading to a denial of service
     via malformed ASN.1 data (CVE-2009-2661; Closes: #540144).
   * Use dh_prep instead of dh_clean in install target
     + Fixes bug where the arch: all package is not included in .changes




--- End Message ---