Your message dated Tue, 13 Sep 2016 10:12:38 +0000
with message-id <[email protected]>
and subject line Bug#837042: fixed in libtomcrypt 1.17-8
has caused the Debian Bug report #837042,
regarding libtomcrypt: CVE-2016-6129
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
837042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtomcrypt
Version: 1.17-6
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libtomcrypt.
CVE-2016-6129[0]:
possible bleichenbacher signature attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6129
[1]
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtomcrypt
Source-Version: 1.17-8
We believe that the bug you reported is fixed in the latest version of
libtomcrypt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Stapelberg <[email protected]> (supplier of updated libtomcrypt
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 Sep 2016 10:00:27 +0200
Source: libtomcrypt
Binary: libtomcrypt-dev libtomcrypt0
Architecture: source amd64
Version: 1.17-8
Distribution: unstable
Urgency: high
Maintainer: Michael Stapelberg <[email protected]>
Changed-By: Michael Stapelberg <[email protected]>
Description:
libtomcrypt-dev - static library, header files and documentation for
libtomcrypt
libtomcrypt0 - public domain open source cryptographic toolkit
Closes: 837042
Changes:
libtomcrypt (1.17-8) unstable; urgency=high
.
* Add debian/patches/CVE-2016-6129.patch, backport of upstream’s
https://github.com/libtom/libtomcrypt/commit/5eb9743410 to fix
CVE-2016-6129, a bleichenbacher signature attack on RSA.
(Closes: #837042)
Checksums-Sha1:
6dfbe802494fcb3386113d5fbe0b710e49492825 2033 libtomcrypt_1.17-8.dsc
a229554dd82583d7c0dcc7cc90591d9b2db9f3c8 15160 libtomcrypt_1.17-8.debian.tar.xz
b1470568361c5378c13f0e12f88a83a5be5f921c 1072456
libtomcrypt-dev_1.17-8_amd64.deb
7c48e7a3dc9bf52e661b1ff24676cfd776549e96 689922
libtomcrypt0-dbgsym_1.17-8_amd64.deb
e9c80cdafed80903d895c04eb6e2ba88fc806a64 328166 libtomcrypt0_1.17-8_amd64.deb
Checksums-Sha256:
5328a1fb7814ea5b5aca4d7eac400302c6b8c737e85e4a6d8c4599494fd069f0 2033
libtomcrypt_1.17-8.dsc
542d7c5e61b715721d5720404c05e6001d80b68f3a874c20cd2fd1a8659fbde2 15160
libtomcrypt_1.17-8.debian.tar.xz
3d589849bcd41a9bb89e87933f64e3d85ec8d390894b624874c533ea7a4b345b 1072456
libtomcrypt-dev_1.17-8_amd64.deb
71f7413c61d16fc764125880177c72ab81b471b126a2681f4e536bfe7a650bb5 689922
libtomcrypt0-dbgsym_1.17-8_amd64.deb
2c35540350d5b62e8124c081e659024a1dca78da6712e7802c4d28af9d4071b2 328166
libtomcrypt0_1.17-8_amd64.deb
Files:
611b3037a0fd07fb73cb3eccd6741c0b 2033 libs extra libtomcrypt_1.17-8.dsc
744fe07d9daedf692937a91974c23284 15160 libs extra
libtomcrypt_1.17-8.debian.tar.xz
9f5871075520bd08c958abb8150ab736 1072456 libdevel extra
libtomcrypt-dev_1.17-8_amd64.deb
ed3db318a6cffa015551750e675691ea 689922 debug extra
libtomcrypt0-dbgsym_1.17-8_amd64.deb
bfb06e6b07b16f960df6805bd9e29853 328166 libs extra
libtomcrypt0_1.17-8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJX17MaAAoJEE5xYO1KyO4dhH4P/iRNPJt66LJ9Hi3avWQcL+c3
PaPrHLMsgnnzXT3TmBQoKdWryTGbs0AeAEi/Vu9SGmAiL+6xQgAyTS9Qv4RiXnqn
KqHDyCUkW02xGjVWEE4fyBqp36caSQ6IsfbFrpP8pX0zUKMZiB9AVt22OoTnizo5
HIs2kvO/cRT6jRSmMDx1y+xDIC6y1JvD9UN0xC12Qz0+TcbN39ZGxTOn5O316iOs
bh4r/DcbE0xDEPyXwMZGp/levGncuWgmRE3TsmUFVHHSArah2GiigHU0kNbh2PGd
RioQ4+/z2YDU6kABsI07etJizdENgswxIx11X02JN0gq22d6n0EMMPRclr7Xdbj5
wzhe+mCP188wXtWM821+EPfMkMF+Y3psC8z9YcDv44XJVjKBetfyBrXGbrhYOUOr
keMPElwn4FsIW0LoDisgkw1XfTkMOe6IG4a4ykB5kKG806q/hjO4mitL+yA8HuGX
Gd0zTuCvHHT4gRtQG5gkz9cq+TRGA43aGTOHD9/Ea+kBPFJ+3M2518WcV/8egSW2
CnWNSM+7QUkp72vBvhyoqoXpxNXu7ULce2cpiB/KYJ8JnaEmhhgvxAXcayuN7yZS
rtZDN/tSr29P0cPxjfbdhFKy6v70NHModqR1iCcMcyxUBJXJpB+cMbMJrix+L2A6
NtCOSbWPg4OIYhPPo9E+
=5UIJ
-----END PGP SIGNATURE-----
--- End Message ---
