Bug#752498: marked as done (gnupg2: CVE-2014-4617: DoS due to garbled compressed data packets)

Sun, 29 Jun 2014 12:19:15 -0700 

Your message dated Sun, 29 Jun 2014 19:17:15 +0000
with message-id <[email protected]>
and subject line Bug#752498: fixed in gnupg2 2.0.19-2+deb7u2
has caused the Debian Bug report #752498,
regarding gnupg2: CVE-2014-4617: DoS due to garbled compressed data packets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
752498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752498
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: gnupg2
Version: 2.0.14-2
Severity: important
Tags: security upstream patch fixed-upstream

Hi

For reference it the BTS, gnupg 1.4.17 was released containing a fix for a
denial of service due to garbled compressed data packets[1], which also affects
the 2.x branch[2].

 [1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
 [2] 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb12f261135e3954f26e9e07b39e342

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: gnupg2
Source-Version: 2.0.19-2+deb7u2

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[email protected]> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Jun 2014 00:30:48 -0400
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg2
Architecture: source amd64
Version: 2.0.19-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Eric Dorland <[email protected]>
Changed-By: Eric Dorland <[email protected]>
Description: 
 gnupg-agent - GNU privacy guard - password agent
 gnupg2     - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm      - GNU privacy guard - S/MIME version
 scdaemon   - GNU privacy guard - smart card support
Closes: 752498
Changes: 
 gnupg2 (2.0.19-2+deb7u2) wheezy-security; urgency=high
 .
   * debian/patches/06-cve-2014-4617.diff: Fixes CVE-2014-4617 "infinite
     loop when decompressing data packets". (Closes: #752498)
Checksums-Sha1: 
 c7d464fbb8060cd1c2b993848d4ff6bb481227c3 2246 gnupg2_2.0.19-2+deb7u2.dsc
 ceb46b746abfeff59003fbd5416641476443101c 21425 
gnupg2_2.0.19-2+deb7u2.debian.tar.bz2
 4397f4e88ffcf812eb4b8ef35a87d4b55d314836 465120 
gnupg-agent_2.0.19-2+deb7u2_amd64.deb
 319e6ce4948471d18e96b7ea35e659aa1e93ee91 217758 
scdaemon_2.0.19-2+deb7u2_amd64.deb
 e95caed6e44ed13e40d04d3fc4c8b25b7d893db4 256202 gpgsm_2.0.19-2+deb7u2_amd64.deb
 4bef86db77d463c24998d663faa7b03127cc01f3 2284322 
gnupg2_2.0.19-2+deb7u2_amd64.deb
Checksums-Sha256: 
 2a91b1214b5e4f463461e585ab72630cfc3d8b720a4443ee546945eeb65345ce 2246 
gnupg2_2.0.19-2+deb7u2.dsc
 5a8177209cd22921d3212ffeb06be72c335cc59e269846e6b5a9923f4a474286 21425 
gnupg2_2.0.19-2+deb7u2.debian.tar.bz2
 7e1435b53380d6f97b9e68a79cbb4a6e674ae3f15eff24eb6e7c990d6e4f323f 465120 
gnupg-agent_2.0.19-2+deb7u2_amd64.deb
 ecb568d74060028be7147d6f3c4f57409afbd1959a9aacccea407088c71214d9 217758 
scdaemon_2.0.19-2+deb7u2_amd64.deb
 76dc54520a238dc8d1caf31c1b1c97536c694de0aa7fb06da82dad712077ca66 256202 
gpgsm_2.0.19-2+deb7u2_amd64.deb
 9b456f0a4114a3950957753df249603ab774239c178fbe11b12c56b68feb603f 2284322 
gnupg2_2.0.19-2+deb7u2_amd64.deb
Files: 
 14258cc8bde42b8fa2703bb851f58fc7 2246 utils optional gnupg2_2.0.19-2+deb7u2.dsc
 fc8e0086cae5320d8057a14999e227ea 21425 utils optional 
gnupg2_2.0.19-2+deb7u2.debian.tar.bz2
 85f056e4ecbff518c27cc6c841f1a9ee 465120 utils optional 
gnupg-agent_2.0.19-2+deb7u2_amd64.deb
 49d09976c571510015fc836fc03a3ce0 217758 utils optional 
scdaemon_2.0.19-2+deb7u2_amd64.deb
 f49f5f40641b2279f0bbcb52c47a5222 256202 utils optional 
gpgsm_2.0.19-2+deb7u2_amd64.deb
 d322bf89a445a4f6ce3656854ad4c246 2284322 utils optional 
gnupg2_2.0.19-2+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTrDQcAAoJEBiP/EqTqnFy9H8P/3Ow/QL+/a4NlyOU21dYjaVI
AavYEKP2WSjWM1iQ1PkpQQAcQvPIypLTaibqLlfwDSu42xAP1HdXk1AlIXEf+ZAp
N29X0Ckv5YbKY9HBKxKQosqI3tDu/a8L+vM3UdBURVHDWPi9D3eyELRhK0r7qPkl
77iJHyHC6BnRfO58V5JJedeDfjvCF5JcfZA6q++PeGIy8EqbzYkOS5YOoNyr18Qd
oYLyVACakDDD88N4AWEbRUHownX8klQaazg514HpKCXsjxTKEEbZn2G7UiICgiei
ntPUSmlkNLtgQ86gV4e+9h/T266vmC/RPgBFBxOnRp/QCVxuD8eIJtjExQcu4BHA
qRbPY/AgTMX1aPp2FKykupzW4rOx00qwxUkZWf2d5JM0YqQn5xc6ysfckqjVftfG
bQE/M4wiVPuMKpAmSqIA2kijxGtRe1668nRq4IktlOESWeDGWn44BQ+o+tBHHGXs
eaHVazxP5RIy5ndJfdx0nti7P4T51soMH///xXtOj92TEFOpl6LQ8D0+88veGzo1
uq9TWkqStp1K2tlz7RdLp5AGnZOppRRc9aiWD6cxyecocKOrs08BjfJd8NoLqzDf
YnlwpdpmtNS7kczaQr//7UuGg9Bz/OjR1JDosolJ2SmS9LONh0zEQ5OvYGF3OzGo
gUZGYWIew5+1VvaWjsIf
=0btx
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to