Your message dated Tue, 04 Jun 2024 13:34:15 +0000 with message-id <e1seuip-003upe...@fasolo.debian.org> and subject line Bug#1069127: fixed in python-idna 3.6-2.1 has caused the Debian Bug report #1069127, regarding python-idna: CVE-2024-3651 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-idna Version: 3.6-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for python-idna. CVE-2024-3651[0]: | potential DoS via resource consumption via specially crafted inputs to | idna.encode() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-3651 https://www.cve.org/CVERecord?id=CVE-2024-3651 [1] https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-idna Source-Version: 3.6-2.1 Done: Guilhem Moulin <guil...@debian.org> We believe that the bug you reported is fixed in the latest version of python-idna, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin <guil...@debian.org> (supplier of updated python-idna package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 30 May 2024 14:55:00 +0200 Source: python-idna Architecture: source Version: 3.6-2.1 Distribution: unstable Urgency: high Maintainer: Debian Python Team <team+pyt...@tracker.debian.org> Changed-By: Guilhem Moulin <guil...@debian.org> Closes: 1069127 Changes: python-idna (3.6-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume significant resources, which may lead to denial of service. (Closes: #1069127) Checksums-Sha1: f7452118195a31ae23857c9203ab6bf33c610160 2092 python-idna_3.6-2.1.dsc 6a0fc9807bfe19d133f2f10a5fd866a7b5d8b9fe 8888 python-idna_3.6-2.1.debian.tar.xz 1372afd0cc56e8583bac5720d9753bf985f337fd 7282 python-idna_3.6-2.1_amd64.buildinfo Checksums-Sha256: 3922d4123d6e8892bfb3cfc6c6a3cdf6da8304b5231ef8d50e87a54b2f3c7617 2092 python-idna_3.6-2.1.dsc 79ba27ab76a766d036c8957d2e4a62b39a07ba86bd827443f0440534ca5a3710 8888 python-idna_3.6-2.1.debian.tar.xz eec838d530c2cfbf3b10e22d0eab19487d10aae615fa7bb8051e887ad066a362 7282 python-idna_3.6-2.1_amd64.buildinfo Files: 0af4917bb0daa9341df2653a4ae272b9 2092 python optional python-idna_3.6-2.1.dsc 424dcb0fb52b0bc0d871a24b26070ce1 8888 python optional python-idna_3.6-2.1.debian.tar.xz 5c82a2b7aced88f3287a4e10fed5b128 7282 python optional python-idna_3.6-2.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZYd2UACgkQ05pJnDwh pVLnqhAAybQv+zHyhFKSIZYqZAfIED+ZaeIfBCRQgXtLMO3RSVKOATcJXMi1u2N0 unEvjR6JrQi7HAo6UwWYXKIWN9Buoumx+xrZ/IC8ZZ0qxW5ic6EYLPf35nMl2WkD JJ3GLd9zR00OPGn886Ty52zHeYrfPrr/k+Nf6NpuUG2Zi030B93qxS/5N1LW74Zn muksGLl/T9/8m82liKHp/q/Nri+DB4eR68vJ9vU3jqFU5bLJoixB97DPl6u/HLrL +yHo0t/AXGUyvrvMwJ7H5QjB7BtVaI2rSgH8oKNXOXq9nG1urQPg1q++QhHzB9gm SpGZ14ExeUwZwAoJQTR5JlYUV5rrW8NcPwaFeYLC8+ck+EDX0HtfkZRBvhFZ/i9i jcBualKDgutxf2m3ereX8z2LJYb/BpJj+SEA6InADt2Z0j9zRP5wSJwjhUHo+69R UCF0DSg0jNddvxJ3XU+sIwpVoHrIhOBg54F+mjo6MZzF3IYq5pzjg9uZg8x2k/mP GlBlaEZI4blKnUkRRKv2+Rdd88zDnDNqmpJauQhfDQMaViscd3PMNJzrT+h9DlOa nGBsOEcyqY//wzEx86zOfar8jXWcYkMPWKQ+wlMFvsNdQPdBs4XgylBC6h4dJmR0 IpGpN9/Ehi0wD/OybNnRxrTcm0nooRqD9BABiDjRrZHTzQJKnO8= =hs2y -----END PGP SIGNATURE-----pgpu3Xk2oSL2e.pgp
Description: PGP signature
--- End Message ---