Your message dated Sat, 24 Jun 2017 21:18:12 +0000
with message-id <[email protected]>
and subject line Bug#864560: fixed in gnutls28 3.3.8-6+deb8u6
has caused the Debian Bug report #864560,
regarding gnutls28: CVE-2017-7507
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
864560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864560
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.5.8-1
Severity: important
Tags: patch security upstream fixed-upstream
Control: fixed -1 3.5.13-1
Hi,
the following vulnerability was published for gnutls28.
CVE-2017-7507[0]:
Crash upon receiving well-formed status_request extension
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7507
[1] https://gnutls.org/security.html#GNUTLS-SA-2017-4
Please adjust the affected versions in the BTS as needed, just checked
3.5.8 in unstable sourcewise. Not sure as well if it would need a DSA
if older versions are affected as well.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.3.8-6+deb8u6
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 16 Jun 2017 07:39:52 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc
guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: all source
Version: 3.3.8-6+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 864560
Description:
gnutls-bin - GNU TLS library - commandline utilities
gnutls-doc - GNU TLS library - documentation and examples
guile-gnutls - GNU TLS library - GNU Guile bindings
libgnutls28-dbg - GNU TLS library - debugger symbols
libgnutls28-dev - GNU TLS library - development files
libgnutls-deb0-28 - GNU TLS library - main runtime library
libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
gnutls28 (3.3.8-6+deb8u6) jessie-security; urgency=high
.
* 56_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-pro.patch
56_CVE-2017-7507_2-ext-status_request-Removed-the-parsing-of-resp.patch
56_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-docum.patch
from upstream gnutls_3_3_x branch: Fix crash upon receiving
well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
Closes: #864560
Checksums-Sha1:
82abb49280d87d109de7be93d501296eb757cf9e 2958 gnutls28_3.3.8-6+deb8u6.dsc
cbae63155970ee2b85cabf9a7b36cc0ddc09929c 105968
gnutls28_3.3.8-6+deb8u6.debian.tar.xz
52a79bab603d13968b3e1af624bf269ac3961488 3628582
gnutls-doc_3.3.8-6+deb8u6_all.deb
Checksums-Sha256:
109f05884b2ff5c50766749986603083ed56e11ff98a51cd6a102baf906a2bef 2958
gnutls28_3.3.8-6+deb8u6.dsc
67041552c37898eb50c009069ebad127b109bb035920918147b86b60dd7361f5 105968
gnutls28_3.3.8-6+deb8u6.debian.tar.xz
6e399d6e857ac77402257cd530302046d0c89b707c2ae0e5f518ce3ae5062983 3628582
gnutls-doc_3.3.8-6+deb8u6_all.deb
Files:
3c5ce07f3e1fedaa33a87808ed1c181e 2958 libs optional gnutls28_3.3.8-6+deb8u6.dsc
f4bb1e793efabf5381d75deb2ab5a925 105968 libs optional
gnutls28_3.3.8-6+deb8u6.debian.tar.xz
2f15f305e797c91e592e5389f07d2a0b 3628582 doc optional
gnutls-doc_3.3.8-6+deb8u6_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAllDcdkACgkQpU8BhUOC
FIQigQ/+KMd4Mx4S13yn9Sv60Wx4WzLavZ21yAZLNdBr+Ydtn072S5Y6CoNtAc6R
xeWPGYgokLH/BT8CMdzHeMl8yOFh1pS2H6P2mOQ+Q+TXzUeRztpY6v+I7tjU2t/1
J7XT9rN7eOzmikdJI6KDPxSxGmVz99HPwSuSoAZ2VFWXQ2jRj9I6JoYtdMbv68xb
vKRVATq5vJ8jQOR10DcD8B5uY1cwcdELh+1cz6s3Eso1JGFPJsvycarcVzfVoYUw
NY5LD/TPKbc6ld5Kiq5jxmVpDNzXTMNZ6nTnUtbGcq5g7IwG38REmetk/M5Nk0WX
1locR84oXwOp6CQBm1X0XS/RqIBr7sW1JRt8zir+ltw5zubAUU4EisNBBu6yq5ap
Xg8QA0VVGHokOaOrzX8JIt/+uf8Bznyh/itgC54efXfQpcSUHDBWZqpPQWM51Ab+
Q9SBykbBGsTubeOQSgt/iHvSKAa5vGkPzs8w3xPKPkmFLGh8orxENtgPPMEBZVg0
IW+CVyYY9JlSGms9fsL0K0nO1zYdqV4o6i3yA2LFOiJe+G0XJMx7kj2wpb1bknlz
f9+LbhsPI1aGtM4nJ6lGzsGU/isCxCLHJD2TKmGJ6OwGchjMe2ZOiSxDJWiV1uva
jrfPpxyq+QWLzuDMVbNVzo2kkSFdRfWZOT0kvZfS2SG/GZjt240=
=Co8b
-----END PGP SIGNATURE-----
--- End Message ---
