Bug#1038119: marked as done (tang: CVE-2023-1672)

[Debian Bug Tracking System]

Your message dated Sat, 08 Jul 2023 18:32:48 +0000
with message-id <e1qicjg-006oow...@fasolo.debian.org>
and subject line Bug#1038119: fixed in tang 11-2+deb12u1
has caused the Debian Bug report #1038119,
regarding tang: CVE-2023-1672
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038119: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038119
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: tang
Version: 11-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for tang.

CVE-2023-1672[0]:
| Fix race condition when creating/rotating keys


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1672
    https://www.cve.org/CVERecord?id=CVE-2023-1672
[1] 
https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: tang
Source-Version: 11-2+deb12u1
Done: Christoph Biedl <debian.a...@manchmal.in-ulm.de>

We believe that the bug you reported is fixed in the latest version of
tang, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated tang 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Jul 2023 12:49:07 +0200
Source: tang
Architecture: source
Version: 11-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
Closes: 1038119
Changes:
 tang (11-2+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-1672. Closes: #1038119
     - Cherry-pick "Fix race condition when creating/rotating keys"
     - Assert restrictive permissions on tang's key directory
Checksums-Sha1:
 d597faa1b70dc356109b99eb1872e0e2af2158f9 2203 tang_11-2+deb12u1.dsc
 b762165e795fade947ce3e9b9be13e1406e1797c 6808 tang_11-2+deb12u1.debian.tar.xz
 4cb2415fadb675240ef562604cde11b0fe514ff0 8727 tang_11-2+deb12u1_armel.buildinfo
Checksums-Sha256:
 0e4cfb4136e3890c3645e56776d9e3571a4bc9c500b4d43a8768b6edb8db2a98 2203 
tang_11-2+deb12u1.dsc
 73e9e68f94a54e489e2ff0220b2c267a93c2be6025c340258da95de3ad05db7a 6808 
tang_11-2+deb12u1.debian.tar.xz
 5f3421ee7f8d56cfb25ab09e432b1aa6c7f389c6e0b82221e353f11bf424f5c0 8727 
tang_11-2+deb12u1_armel.buildinfo
Files:
 14885a01ee438bf91c18a40bfb8cda22 2203 net optional tang_11-2+deb12u1.dsc
 617f58ed4122813d1c6acc93589cec08 6808 net optional 
tang_11-2+deb12u1.debian.tar.xz
 65ed805bed89dd5b45c868ac17100aec 8727 net optional 
tang_11-2+deb12u1_armel.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAmSpZekACgkQxCxY61kU
kv0SThAAnwbnD6N9cYhoeQo/kjNxGGXKM9KKeVDxXh/+IVMfaefRNrnimf6PPo7l
/dQdoPyh5LvLg5OReHfPjLxKksiie7Uw2G/mWIG2yfQ/yCG3tj+o0CVHpLNtwQ1Q
Igwl0FGO8dkU/hPuOQDiop0JznpFBoiEsX4t20aDZ89C07nFA5uwCCbRwZfRM6VD
KH+HnL8N45tM1RrJ3bgnRTSaVUQXzw6izLeBBjfW5af+mUJoeN56sh/WKOcOpAS0
u4QCE6idOQSSe1M1HGEr5whxh/seINlF+TKNLjicF07YrxSOVPejUd0G2gwHafDK
FoRF+XNyGd4uCzfYy4cHgpBGFTaEW46p4szTVzzAQsO5pUTY+UPMtKfk2xuuvuu0
zI+XKnO9xp5IECSWP2Mc8CpOIc4j/WUp77PqN3Lj8+urK7HjPzpVXnMUvAsiXEuV
t0VA3ziE/QkcgAuu4WuqhUSfj9x6eBH1u74NJ/jGDDoXq+M81GG2+Y9yR33Gybwv
sTGvU2jS4Q0vAYOQr7JMgKNYF3q/7E6s/uLg8Ldv2oS9wZzVYqwuYUoofY1xQtLK
4i1bk25Spha6LJVq9pgKGIlpSz+A1YeZyIvsLGeA9L7ClGM0tdXfhYjQBUe+1J4A
Ymi0NyY6e9XB0vDUm3b0cVpY14jB/4liH/iju+VEUPRvLghHUjA=
=sUfV
-----END PGP SIGNATURE-----

--- End Message ---