Your message dated Sun, 15 Nov 2020 17:03:35 +0000
with message-id <[email protected]>
and subject line Bug#974719: fixed in tomb 2.7+dfsg2-2
has caused the Debian Bug report #974719,
regarding tomb: CVE-2020-28638
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
974719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974719
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tomb
Version: 2.7+dfsg2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/dyne/Tomb/issues/385
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.5+dfsg1-2
Hi,
The following vulnerability was published for tomb.
CVE-2020-28638[0]:
| ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-
| curses is used and $DISPLAY is non-empty, causing affected users'
| files to be encrypted with "tomb {W] Detected DISPLAY, but only
| pinentry-curses is found." as the encryption key.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-28638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28638
[1] https://github.com/dyne/Tomb/issues/385
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tomb
Source-Version: 2.7+dfsg2-2
Done: Sven Geuer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tomb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated tomb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Nov 2020 00:27:31 +0100
Source: tomb
Architecture: source
Version: 2.7+dfsg2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 974719
Changes:
tomb (2.7+dfsg2-2) unstable; urgency=medium
.
[ Samuel Henrique ]
* Add d/gbp.conf.
.
[ Debian Janitor ]
* Remove obsolete field Name from d/u/metadata.
* Update Standards-Version to 4.5.0, no changes needed.
.
[ Sven Geuer ]
* Security upload (Closes: #974719).
- CVE-2020-28638: A static string is injected as encryption key when
pinentry-curses is used and $DISPLAY is non-empty.
* Add myself as uploader.
* Helper executables moved from /usr/lib to /usr/libexec.
* Bump debhelper-compat to 13.
* Update d/copyright.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
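The failure mode described in the CVE text and the changelog entry above, as an added example that is not Tomb's code and not part of the original messages: a simplified model in which a warning written to stdout is captured as the key, beside a form that sends diagnostics to stderr and validates the result. The function names, the `fake_pinentry` stand-in and the sample passphrase are constructed assumptions.

```shell
#!/bin/sh
# Simplified model of the bug class; hypothetical names, not Tomb's implementation.
WARNING='tomb {W] Detected DISPLAY, but only pinentry-curses is found.'

# Stand-in for the pinentry dialog: returns a constructed passphrase.
fake_pinentry() { printf '%s\n' 'correct horse battery staple'; }

# Flawed: the diagnostic is written to stdout, so it becomes part of the
# function's "return value" when the caller captures the output.
ask_password_flawed() {
    if [ -n "${DISPLAY:-}" ]; then
        printf '%s\n' "$WARNING"
    fi
    fake_pinentry
}

# The caller keeps the first line of output as the key.
derive_key_flawed() {
    ask_password_flawed | sed -n 1p
}

# Hardened: diagnostics go to stderr; stdout carries only the secret.
ask_password_fixed() {
    if [ -n "${DISPLAY:-}" ]; then
        printf '%s\n' "$WARNING" >&2
    fi
    fake_pinentry
}

# The caller also refuses an empty key or one equal to the known warning.
derive_key_fixed() {
    key=$(ask_password_fixed) || return 1
    case $key in
        ''|"$WARNING")
            echo 'refusing empty or diagnostic string as key' >&2
            return 1 ;;
    esac
    printf '%s\n' "$key"
}

# Demonstration in subshells so the caller's DISPLAY is left untouched.
( DISPLAY=:0; printf 'flawed key: %s\n' "$(derive_key_flawed)" )
( DISPLAY=:0; printf 'fixed key:  %s\n' "$(derive_key_fixed 2>/dev/null)" )
```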