Bug#692443: marked as done (lynx-cur: CVE-2012-5821)

Debian Bug Tracking System Wed, 21 Nov 2012 17:06:20 -0800

Your message dated Thu, 22 Nov 2012 01:02:39 +0000
with message-id <[email protected]>
and subject line Bug#692443: fixed in lynx-cur 2.8.8dev.15-1
has caused the Debian Bug report #692443,
regarding lynx-cur: CVE-2012-5821
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
692443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692443
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: lynx-cur
Version: 2.8.7dev9-2.1
Severity: important
Tags: security

Hi,
please see Section 7.4 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

This has been assigned CVE-2012-5821.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: lynx-cur
Source-Version: 2.8.8dev.15-1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <[email protected]> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Nov 2012 21:54:10 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all i386
Version: 2.8.8dev.15-1
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <[email protected]>
Changed-By: Atsuhito KOHDA <[email protected]>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur (transitional package)
Closes: 673385 691904 692443
Changes: 
 lynx-cur (2.8.8dev.15-1) unstable; urgency=low
 .
   * New Upstream Release.
    - Fixed a security bug, CVE-2012-5821: improve checking of certificates
      in the gnutls_certificate_verify_peers2() by handling special case where
      self-signed certificates should be reported (patch by Jamie Strandboge).
      (Closes: #692443)
    - revise nsl-fork logic for passing addrinfo and hostent data back
      to eliminate fixed limit on the number of records to return
      (Closes: #691904)
    - corrected position of highlighting from search/whereis function when using
      multibyte characters.  (Closes: #673385)
   * Updated patches files in debian/patches.
Checksums-Sha1: 
 a9d236452520009fe04f4bd3de1c5664160f085a 1290 lynx-cur_2.8.8dev.15-1.dsc
 793359444c6e378c1c1fce561ed47ff5c57d962f 3531640 
lynx-cur_2.8.8dev.15.orig.tar.gz
 801c6d85041afa7ed50fce2a2a79d237ecfe7edf 32111 lynx-cur_2.8.8dev.15-1.diff.gz
 1f5586dad1de13c49b384ae8a8e46eb1fcde9e04 224728 
lynx-cur-wrapper_2.8.8dev.15-1_all.deb
 574102e1b23df963e537f0e9beca2ebc15cdee28 225092 lynx_2.8.8dev.15-1_all.deb
 e0fce61250296946dfa4eb414234da4cc66a9215 2219460 
lynx-cur_2.8.8dev.15-1_i386.deb
Checksums-Sha256: 
 312ebe1255687ff1e299583c8fe69aa4d951073a6983a505ebdded0d17dfad9a 1290 
lynx-cur_2.8.8dev.15-1.dsc
 94726a70271f3df4c14d74ac7ea456507d0c6c1ec58b7b8006896d97e6605326 3531640 
lynx-cur_2.8.8dev.15.orig.tar.gz
 0c2a846db38e200a7e0bd74d473f7610d8bf27bddb1c5d2b8c59376e09fe55ec 32111 
lynx-cur_2.8.8dev.15-1.diff.gz
 804fad722f5ea9f43f37f7c824928b53bbb8eef8c40ebd6d659a573852618b43 224728 
lynx-cur-wrapper_2.8.8dev.15-1_all.deb
 9611efa7649a465fcb75d735ec00154ea56e3501186f36303f85e86bd2618d3f 225092 
lynx_2.8.8dev.15-1_all.deb
 9ca8203fbe1b50ff509e9509fab53ed2672d8f077ddc5d8444120333c7b2ddea 2219460 
lynx-cur_2.8.8dev.15-1_i386.deb
Files: 
 890e17be437393cf6fec4baf1a5818ef 1290 web extra lynx-cur_2.8.8dev.15-1.dsc
 b5c12abd27a4bc1d76a7e0e52b2f3a46 3531640 web extra 
lynx-cur_2.8.8dev.15.orig.tar.gz
 60a21069888360eb814efcb771673b26 32111 web extra lynx-cur_2.8.8dev.15-1.diff.gz
 2bb7d40584e488615a802480b313c514 224728 oldlibs extra 
lynx-cur-wrapper_2.8.8dev.15-1_all.deb
 b17e63ebd719fdc330fcf5857bdcfbe0 225092 oldlibs extra 
lynx_2.8.8dev.15-1_all.deb
 36f1400e22a4b31a14b34350d38b0e6a 2219460 web extra 
lynx-cur_2.8.8dev.15-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCtdlgACgkQ1IXdL1v6kOyToACfSPgQj2vXYO69hhc837qjjn3Q
UqEAn3gqB2pOW+XzXMRtu4IpL4QrjNJi
=mDcT
-----END PGP SIGNATURE-----

--- End Message ---

Bug#692443: marked as done (lynx-cur: CVE-2012-5821)

Reply via email to