Your message dated Mon, 13 Apr 2020 22:18:47 +0000
with message-id <e1jo7pj-000bnb...@fasolo.debian.org>
and subject line Bug#956650: fixed in awl 0.61-1
has caused the Debian Bug report #956650,
regarding awl: CVE-2020-11728 CVE-2020-11729
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
956650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: awl
Version: 0.60-1
Severity: important
Tags: security upstream

Two security vulnerabilities were found in the awl package:

CVE-2020-11728
Session::__construct() allows use of the current time as a session key
https://gitlab.com/davical-project/awl/-/issues/19

CVE-2020-11729
LSIDLogin() is insecure and can allow user impersonation
https://gitlab.com/davical-project/awl/-/issues/18

All supported Debian releases are affected.

--- End Message ---
--- Begin Message ---
Source: awl
Source-Version: 0.61-1
Done: Florian Schlichting <f...@debian.org>

We believe that the bug you reported is fixed in the latest version of
awl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 956...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Florian Schlichting <f...@debian.org> (supplier of updated awl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Apr 2020 21:37:06 +0200
Source: awl
Architecture: source
Version: 0.61-1
Distribution: unstable
Urgency: medium
Maintainer: Davical Development Team <davical-de...@lists.sourceforge.net>
Changed-By: Florian Schlichting <f...@debian.org>
Closes: 952182 956650
Changes:
 awl (0.61-1) unstable; urgency=medium
 .
   * New upstream release (closes: #952182, #956650)
     + fix CVE-2020-11728 "Session::__construct() allows use of the current
       time as a session key"
     + fix CVE-2020-11729 "LSIDLogin() is insecure and can allow user
       impersonation"
   * Bump debhelper compat to level 12
   * Update copyright years
   * Add upstream metadata
   * Declare compliance with Debian Policy 4.5.0
Checksums-Sha1:
 cbe2fa1f7a7b314ffe687ec032dfb5cc0d8b3a3e 1949 awl_0.61-1.dsc
 86d525284036c02a5c29b108dcd7108b2adeb908 124340 awl_0.61.orig.tar.xz
 9d6412f0ca6796b0814d6df84d14ddde808f4f03 7020 awl_0.61-1.debian.tar.xz
 a0c41fc17a7a2c42a898b9ecb9078dfbec000697 7740 awl_0.61-1_amd64.buildinfo
Checksums-Sha256:
 37f1836a666d7c8858f893037d2e5201c4e034e06a3b592a45788b2ea0b00bb3 1949 
awl_0.61-1.dsc
 fc8b8bea609483feba7ac985b074c5341633d2b9a756ee894737ae5aec00dee3 124340 
awl_0.61.orig.tar.xz
 fbb635f6954dec3644fbfe0efecd20dae67b6769b554792b24b699fc9953765c 7020 
awl_0.61-1.debian.tar.xz
 334a8f542b450b3c5629e6d0b1fad786de298ac46c54886adf936cc9e459f9fb 7740 
awl_0.61-1_amd64.buildinfo
Files:
 9c7da0380668aaa8d5a56c6e4007c980 1949 php optional awl_0.61-1.dsc
 b22ee3e4a09f4b68ab1ec714319b9e41 124340 php optional awl_0.61.orig.tar.xz
 77e1ebdeffd94d82cc38913b0a7a4a05 7020 php optional awl_0.61-1.debian.tar.xz
 6e5d7d2b0fff5e3977acf01ae77cc31f 7740 php optional awl_0.61-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEMLI8i05qOwnqprZSEpc7bnLcB7UFAl6U398ACgkQEpc7bnLc
B7VWSBAAh8+e/lQguV9hEf3xHJUs9qbORJ6+bYwjsIav2EnWSPgqZMk7UUw4MrCo
dhNPp7ENlZ83Gi32IfcA0Xd4+HOHZpadeXv+NRe/Z0H97Dvid2Y0FVtdv2W54CYA
35JQwOY/dr8e8i39UEm0Xa8dXx1w/iFRhJmfV4e8jLRe/U0jTkTs+L9fEShlEQLq
9CC4Gsc/1w5BuGgdLDYlOnaDwbfRjyq2Fpia4FLgYUgsUaNyEkB/uUOIwkgo6YLW
FckCczINfoHMVY+DgE2Rid97HbcahGdGlbuhCO3F7FcvGEeD64yq5Ig7AJyXafNk
o9yA4WQ6EtBTRNUHSSnCYyUqIMsYbqt0XjebW9eTUrj+9zZ7uSrD8M24YESoPMqr
deGmlmsEHtjARuinj+o5hrVgF2dE3Yb7lUpdhkozD6AITFKUiahpJMKrn4e3xcFU
jjfN7cA2g1uNfBYY6qIPymdWqWf3+mRU3vLihXLMLuSjBlO/KsGU8kxt0Tw/pL/K
HF+Rkh+OFH70vpWYFJWF2LRRVJwaLoGQagrB3TKcYRyKKhlUk7UZ+zQ45k/ZanWm
V3SJkb88SqAR0lH0gU78nGgpFlJeYoNu24bFCYJ5QccmnSVHnhZLds1gMcCUnGBy
LMFgbPhO4aVPkNysRs70oNM5LMKHouh20T1AN+5eB38j/1NKbjk=
=7ku8
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to