Your message dated Fri, 17 May 2013 10:49:06 +0000
with message-id <[email protected]>
and subject line Bug#707329: fixed in openvpn 2.3.1-1
has caused the Debian Bug report #707329,
regarding openvpn: CVE-2013-2061: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
707329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.1.3-2+squeeze1
Severity: important
Tags: security patch
Control: found -1 2.2.1-8

Hi,

the following vulnerability was published for openvpn.

CVE-2013-2061[0]:
use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061
    http://security-tracker.debian.org/tracker/CVE-2013-2061
[1] https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
[2] https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.3.1-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[email protected]> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 17 May 2013 11:54:31 +0200
Source: openvpn
Binary: openvpn
Architecture: source amd64
Version: 2.3.1-1
Distribution: unstable
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <[email protected]>
Changed-By: Alberto Gonzalez Iniesta <[email protected]>
Description: 
 openvpn    - virtual private network daemon
Closes: 707329
Changes: 
 openvpn (2.3.1-1) unstable; urgency=low
 .
   * New upstream version. Fixes use of non-constant-time memcmp in HMAC
     comparison. CVE-2013-2061 (Closes: #707329)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlGWCR8ACgkQxRSvjkukAcNIdgCdGbvEQLf69FqyeOpyhD0ltz7T
B/AAmIQgxgWiLkkD8/FyGurDaMXwNf8=
=1YLQ
-----END PGP SIGNATURE-----

--- End Message ---
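
The bug class named in this report, shown as an added example (it is not OpenVPN's code or the upstream patch): an early-exit comparison in the style of memcmp() beside a constant-time one. The tag bytes, the function names and the byte-count instrumentation are constructed for illustration; the count of bytes read stands in for running time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TAG_LEN 20 /* length of an HMAC-SHA1 output */
typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Constructed sample tag, not taken from any real packet. */
static const uint8_t expected_tag[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16, 0x6f, 0xc3,
    0x28, 0x9e, 0x51, 0xfa, 0x04, 0x7d, 0xb0, 0x65, 0xd9, 0x12 };

/* Early-exit comparison, as memcmp() may do: stops at the first differing
 * byte. *examined counts bytes read, standing in for running time. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    *examined = n;
    return 1;
}

/* Constant-time comparison: reads all n bytes and ORs the differences
 * together, so the work does not depend on where the tags differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    return diff == 0;
}

/* Bytes read by cmp on a constructed tag whose first `prefix` bytes are
 * correct and whose remaining bytes are all wrong. */
static size_t work_for_prefix(cmp_fn cmp, size_t prefix)
{
    uint8_t candidate[TAG_LEN];
    size_t examined = 0;
    for (size_t i = 0; i < TAG_LEN; i++)
        candidate[i] = (uint8_t)(i < prefix ? expected_tag[i] : ~expected_tag[i]);
    cmp(expected_tag, candidate, TAG_LEN, &examined);
    return examined;
}

int main(void)
{
    for (size_t p = 0; p <= TAG_LEN; p += 5)
        printf("prefix %2zu: early-exit reads %2zu, constant-time reads %2zu\n", p, work_for_prefix(leaky_equal, p), work_for_prefix(ct_equal, p));
    return 0;
}
```

The early-exit column grows with the length of the correct prefix, which is the input-dependent behaviour a constant-time comparison removes; the constant-time column stays at the full tag length for every input.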
