Your message dated Tue, 09 Apr 2024 12:37:00 +0000
with message-id <[email protected]>
and subject line Bug#1067457: fixed in jose 13-1
has caused the Debian Bug report #1067457,
regarding jose: CVE-2023-50967
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1067457: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067457
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jose
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for jose.

CVE-2023-50967[0]:
| latchset jose through version 11 allows attackers to cause a denial
| of service (CPU consumption) via a large p2c (aka PBES2 Count)
| value.

This doesn't appear to have been forwarded upstream yet:
https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50967
    https://www.cve.org/CVERecord?id=CVE-2023-50967

Please adjust the affected versions in the BTS as needed.

--- End Message ---
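
The check that CVE-2023-50967 turns on, as an added example (not code from jose or from this bug report): a receiver reads `p2c` from the JWE protected header and bounds it before any PBKDF2 work is done. The upper bound `P2C_MAX` and all helper names are assumptions for illustration; the lower bound follows the RFC 7518 recommendation of at least 1000 iterations.

```python
import base64
import json

# Assumed policy bounds for this example; not values taken from jose.
P2C_MIN = 1000       # RFC 7518 recommends a minimum of 1000 iterations
P2C_MAX = 100_000    # hypothetical ceiling; tune to the CPU budget per token
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


class HeaderRejected(ValueError):
    """Raised when a JWE header fails the pre-derivation policy check."""


def b64url_decode(segment: str) -> bytes:
    # JOSE strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_pbes2_header(compact_jwe: str) -> dict:
    """Validate p2c from the protected header before key derivation runs."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise HeaderRejected("not a JWE compact serialization")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        raise HeaderRejected("unparseable protected header") from exc
    if not isinstance(header, dict):
        raise HeaderRejected("protected header is not a JSON object")
    if header.get("alg") not in PBES2_ALGS:
        return header  # p2c only applies to PBES2 key management
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly;
    # floats such as 1e9 are rejected by the same test.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise HeaderRejected("p2c missing or not an integer")
    if not P2C_MIN <= p2c <= P2C_MAX:
        raise HeaderRejected(f"p2c {p2c} outside [{P2C_MIN}, {P2C_MAX}]")
    return header


def make_jwe(header: dict) -> str:
    """Build a constructed compact JWE whose other four segments are dummies."""
    raw = json.dumps(header).encode()
    h = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([h, "AA", "AA", "AA", "AA"])
```

The point of the ordering is that the attacker-chosen count is rejected from the header alone, so an oversized value costs one JSON parse rather than a key derivation.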
--- Begin Message ---
Source: jose
Source-Version: 13-1
Done: Christoph Biedl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
jose, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated jose package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Apr 2024 07:40:48 +0200
Source: jose
Architecture: source
Version: 13-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 1067457
Changes:
 jose (13-1) unstable; urgency=high
 .
   * New upstream version 13. Closes: #1067457 [CVE-2023-50967]



--- End Message ---
