Your message dated Fri, 23 Dec 2016 21:34:13 +0000
with message-id <[email protected]>
and subject line Bug#848009: fixed in libcrypto++ 5.6.4-5
has caused the Debian Bug report #848009,
regarding libcrypto++: CVE-2016-9939: denial-of-service in ASN1 decoder
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
848009: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848009
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypto++
Version: 5.6.4-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/weidai11/cryptopp/issues/346
Hi,
the following vulnerability was published for libcrypto++.
CVE-2016-9939[0]:
denial-of-service in ASN1 decoder
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9939
Please adjust the affected versions in the BTS as needed, at least sid
is sourcewise affected afaics, older versions not checked.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcrypto++
Source-Version: 5.6.4-5
We believe that the bug you reported is fixed in the latest version of
libcrypto++, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated libcrypto++
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 23 Dec 2016 20:54:36 +0000
Source: libcrypto++
Binary: libcrypto++6 libcrypto++6-dbg libcrypto++-dev libcrypto++-utils
libcrypto++-doc
Architecture: source amd64 all
Version: 5.6.4-5
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
libcrypto++-dev - General purpose cryptographic library - C++ development
libcrypto++-doc - General purpose cryptographic library - documentation
libcrypto++-utils - General purpose cryptographic library - utilities and data
files
libcrypto++6 - General purpose cryptographic library - shared library
libcrypto++6-dbg - General purpose cryptographic library - debug symbols
Closes: 848009
Changes:
libcrypto++ (5.6.4-5) unstable; urgency=high
.
* Fix CVE-2016-9939: possible DoS in ASN.1 decoders (closes: #848009).
Checksums-Sha1:
786af56ba06558359c8c9123aa3c6077641f650e 2072 libcrypto++_5.6.4-5.dsc
42000e484e1980685903adff2fd38248bf84ff51 16636
libcrypto++_5.6.4-5.debian.tar.xz
172e82d9c0d497e93247299f3ed2b97be050f2fe 1295712
libcrypto++-dev_5.6.4-5_amd64.deb
c52f871d46e9632d94713ec28edd696e6c1e5301 4162464
libcrypto++-doc_5.6.4-5_all.deb
6d9f5c5afc2a7f6815a0f60532a53287ff8086e6 3238932
libcrypto++-utils_5.6.4-5_amd64.deb
e85f070dbac91a56e3e85d3064ba71e2aa1cd418 12201414
libcrypto++6-dbg_5.6.4-5_amd64.deb
eca927add2381bb1115789b0eca531ed4893ebae 828760 libcrypto++6_5.6.4-5_amd64.deb
2c9e46b8430cfd835996ceca606b1446054396af 6461
libcrypto++_5.6.4-5_amd64.buildinfo
Checksums-Sha256:
9e3d45de4514f16755b13ec65c051b7024c50b3932e438cc5a574b2c82f6f348 2072
libcrypto++_5.6.4-5.dsc
b8c94b3029b7705b04fd89576a06efcd61e2adba01b4279411040d53e51ac866 16636
libcrypto++_5.6.4-5.debian.tar.xz
ee235ed06223983d0fe9c296ebc3fc4fa2d0f49ae2770c5af0269e553da6b4ed 1295712
libcrypto++-dev_5.6.4-5_amd64.deb
cea3a1b9fb5b7443e6753d3405f4d6bff8c55b441c22a56d3f3b03d50f762e15 4162464
libcrypto++-doc_5.6.4-5_all.deb
c2076ad53ece47603733b14ab294d3863ea42eb598a52a305a927c1179fa6c42 3238932
libcrypto++-utils_5.6.4-5_amd64.deb
559bdf1eb7d5642ab09216d97ecc89202af51ac3b75f6eecfef22fa810048d21 12201414
libcrypto++6-dbg_5.6.4-5_amd64.deb
7bb7857f15a8d13faedb5faa95c2e363bf042711884acbcb9594b4eed9ff88d6 828760
libcrypto++6_5.6.4-5_amd64.deb
45d1c297ad8b2f714c4d3d8166176076c467aef987da748582e3bc06acc39d3e 6461
libcrypto++_5.6.4-5_amd64.buildinfo
Files:
d9d9a124403699378b5e70b8458f08f0 2072 libs optional libcrypto++_5.6.4-5.dsc
d9e0a4d2e49769228bc91a89cbb796aa 16636 libs optional
libcrypto++_5.6.4-5.debian.tar.xz
da5569bc5856ef918cc9395630f65869 1295712 libdevel optional
libcrypto++-dev_5.6.4-5_amd64.deb
5dc3286ed3ef6c5eafed1eea6c034080 4162464 doc optional
libcrypto++-doc_5.6.4-5_all.deb
0e42b3e648c1599f75888be7803d2512 3238932 utils optional
libcrypto++-utils_5.6.4-5_amd64.deb
15a2cf4bb9207ae5b1337d77ce3e6647 12201414 debug extra
libcrypto++6-dbg_5.6.4-5_amd64.deb
d068dcb4736e3e8a9f3d756b10297818 828760 libs optional
libcrypto++6_5.6.4-5_amd64.deb
3b8c7f2913609ffe45e2452416f4d397 6461 libs optional
libcrypto++_5.6.4-5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlhdk14ACgkQ3OMQ54ZM
yL+u5Q//cZ5a4OABFKJqfEQOg/IMsJeBQIkVZGof92umDWEtBXlTIf6nWv7FK4EW
neXXwBSVp8LRqBSlVcDrC88aZGjSDt0PxZJg/jHEwEt2zB2q2j5QXqaD7PCGX/Op
6rV7F6zftH2T2wyzY5VVK3UluMQDHF3nWGPZhDBR3AZ238po8Mno/IE0kKUbaGXM
psRTvPQ5IfE38L2VBHSnWJuNvU1YDplSIcyYdLyvSi1jOdWATui5TUfidyekRi2+
RL2Njgd6KCFefa7C+KRhviPtSF9fjUdISfN1uoi1viraeStMvQNxxCoy+cPP9xrk
YhZODT2fUhhDoX5xDvMTBe2gMuW5qe+zeaUzOppV1h/FQItUQCZkeK6VMVw3Q4dc
JpEXRWOD84fsGNKGL9M0u8K2bVAL/XzAIx7F8WsAKqqisSu0SfRzy9qNbFp2XWsU
ut9VU1z1+Zis+C4nqewuKSROHFB3dtJjvSC8sOMdLZ/fhDboxJVvLDq9z750Gc4F
qDZXTzhjdeVWqot/D/iugCNm8jOziaBmFZtFZgfiEMvOv1i8uIntbwfDoaTmBF3L
tdkShGpYndZMSbDqMx9lJ/X0pANft4ccN0/DQjxKPZNSZ5KNVMO0jRD/sW2HXkrU
p4W3mW7UzzQpbnzDWk/qFNhzhsExwEoMJeEcIidt1BdNz/vkQi0=
=7GDB
-----END PGP SIGNATURE-----
--- End Message ---
