Your message dated Sat, 28 Feb 2015 15:34:51 +0000
with message-id <[email protected]>
and subject line Bug#779428: fixed in gnutls28 3.3.8-6
has caused the Debian Bug report #779428,
regarding gnutls28: CVE-2015-0294: certificate algorithm consistency checking
issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
779428: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779428
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.3.8-5
Severity: normal
Tags: security upstream fixed-upstream
Control: fixed -1 3.3.13-1
Hi,
the following vulnerability was published for gnutls28.
CVE-2015-0294[0]:
certificate algorithm consistency checking issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0294
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1196323
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.3.8-6
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Feb 2015 14:17:21 +0100
Source: gnutls28
Binary: libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc
guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: source i386 all
Version: 3.3.8-6
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Description:
gnutls-bin - GNU TLS library - commandline utilities
gnutls-doc - GNU TLS library - documentation and examples
guile-gnutls - GNU TLS library - GNU Guile bindings
libgnutls-deb0-28 - GNU TLS library - main runtime library
libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
libgnutls28-dbg - GNU TLS library - debugger symbols
libgnutls28-dev - GNU TLS library - development files
libgnutlsxx28 - GNU TLS library - C++ runtime library
Closes: 779428
Changes:
gnutls28 (3.3.8-6) unstable; urgency=medium
.
* 39_check-whether-the-two-signatur.patch: Pull and unfuzz
6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
certificate import check whether the two signature algorithms match.
CVE-2015-0294. Closes: #779428
Checksums-Sha1:
b674ccbcca46098adcab1eb8717e5213e3045bd5 2913 gnutls28_3.3.8-6.dsc
18496ae45208657556f1a4e6fb382559471801d3 89416 gnutls28_3.3.8-6.debian.tar.xz
74fbbe37f2fbe0a365021d619dc68693dd87386d 679664
libgnutls28-dev_3.3.8-6_i386.deb
16523e76fe3d5144854051b7dbf676955b3c0a87 709286
libgnutls-deb0-28_3.3.8-6_i386.deb
df6e5d3088dbbfb26e334297e36dca73fcd89af0 1916888
libgnutls28-dbg_3.3.8-6_i386.deb
08d71c5f026a600b26f92988dcbccf44e0e0027f 309778 gnutls-bin_3.3.8-6_i386.deb
c920704f3db0ffd7b2db1f090eda01c4d47f4b35 3626382 gnutls-doc_3.3.8-6_all.deb
7b3a790697e4829fefc9575f3ed51d92f9307a54 174518 guile-gnutls_3.3.8-6_i386.deb
2e82059b2872842938db1d18740648100efe4be4 15400 libgnutlsxx28_3.3.8-6_i386.deb
302a357b86bc5bb79d03dd4407506ce2909527c6 142114
libgnutls-openssl27_3.3.8-6_i386.deb
Checksums-Sha256:
ef3dfc929aa7cee9a0363cdbd38389f865da1a7ed70db0caaec5092f60f92163 2913
gnutls28_3.3.8-6.dsc
68fa031fcc1e9c506ebff7c5844516b62abcedf122ca0f9fe4136dea8a297ef2 89416
gnutls28_3.3.8-6.debian.tar.xz
8c7bede9fcf6de24b3a342918900410dc13c558c4d6d88caf4e88e2e53665882 679664
libgnutls28-dev_3.3.8-6_i386.deb
5688e2654f9019ad34d6b2282499aacb09ffb9b359effbbc09b9589511cfd900 709286
libgnutls-deb0-28_3.3.8-6_i386.deb
bfef98a46f77a7a62f30e39baf00cfce1cab82d1d936edc62d5d90cab67f2ea3 1916888
libgnutls28-dbg_3.3.8-6_i386.deb
d6902d19619ff656d94cf23b21aa69168ef7ad5294fb0cb9fb992e30d7c33598 309778
gnutls-bin_3.3.8-6_i386.deb
b4c7d0549b3fbbd20e50079746846b1ae41139f95f3fe4c3cfdf61c96ba4e421 3626382
gnutls-doc_3.3.8-6_all.deb
01535f203b24a45d0edc02e2a0f1daf5a81e1cfbdc0152568ac09178f3416e8a 174518
guile-gnutls_3.3.8-6_i386.deb
32a44cca88169a7091c0c7ef4ba295752da009b974bef65125acb09505fb4fee 15400
libgnutlsxx28_3.3.8-6_i386.deb
1b87f4f456eb3666119ada0e0e5d88cb576904c1ccb7d51b7993be61f01cc25c 142114
libgnutls-openssl27_3.3.8-6_i386.deb
Files:
65def7024b69e1f9d828900e437341db 2913 libs optional gnutls28_3.3.8-6.dsc
6d591c2d0a3a656d632b345a75a312a0 89416 libs optional
gnutls28_3.3.8-6.debian.tar.xz
3e64a104419f11fc8bc5577197bc7cb5 679664 libdevel optional
libgnutls28-dev_3.3.8-6_i386.deb
14a1938de6b87090b3628bdd66889545 709286 libs standard
libgnutls-deb0-28_3.3.8-6_i386.deb
602cfe1d7e71e03d9e6b7110ac7eebef 1916888 debug extra
libgnutls28-dbg_3.3.8-6_i386.deb
f58baff6b7eaf64c409324e075982f50 309778 net optional
gnutls-bin_3.3.8-6_i386.deb
d034a0a4ebe5f708676ea7fac247ab38 3626382 doc optional
gnutls-doc_3.3.8-6_all.deb
0c43ffd72f75dc09185d5d06e0cbc358 174518 lisp optional
guile-gnutls_3.3.8-6_i386.deb
67907b66fcac3413c1fbbcf66a0821de 15400 libs extra
libgnutlsxx28_3.3.8-6_i386.deb
e0f44b898aa106453cd3010831fd6046 142114 libs standard
libgnutls-openssl27_3.3.8-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJU8cZBAAoJEKVPAYVDghSEzkYQAKPVHG8NUfVO55mf2FwTbFWD
HXd1KCq8lVsp+3uY7GnbsLdkl5C8Xhoiv/JVIJm8H/NF+TOUm9mkRjiw3+Q1J/Ro
dHGuSDTtvUCNIm/nsqAajL+88tHeQxXLFWCKc4caNeW7HwoC1i2YM25z32WIrIi6
s1NL+fdcAKfs8/FKuIMdlC0gw1fbtLt9OOBA09DYFVFGh2oiDhFelwFhDd/LsKpa
k1uQ6697NpY49tVMyq4D5VNbnZXLM7S9hv0w/fsUQUIWYyM8Zwv+jpp95gWWLXUM
AAzCdSug4wsag25renFajGKFTSrav+1tS5qTI4rEPSH++0rmCDreq0jE/1dlBut1
85TY9Zu8T3Jmpa0E/HUuek9y9fH19KOsRPRXCRafFYmTazdG/iFXxRtH5NYcKC+U
Yw0BfIUBO+zp+cSfg3lN3+B1rXYDGkG+2eQInUaoEdsWCFKLEoTjYeWuNI8zc4pT
sIAvp3ESO+n2xNd4R2j+MQEg0B20vKUc6KCi+AvS1+T3Fu8B4q4z7USHR/Tll53S
PksUXChYyEja4/Ma38trq1aUjzXmdAAfjT3sSo7O4XgAatEppr3XVKEqNNHOvkAy
CCccpNRwb8MVTnwxwfLtfPnIPY470OjJ/n61ZhFm1pvogQd4MQHPDHPPwsd24YkJ
gTvN3y4DmEMcVxhyBbAw
=ckpk
-----END PGP SIGNATURE-----
--- End Message ---
