Your message dated Tue, 04 Jun 2024 13:34:15 +0000
with message-id <e1seuip-003upe...@fasolo.debian.org>
and subject line Bug#1069127: fixed in python-idna 3.6-2.1
has caused the Debian Bug report #1069127,
regarding python-idna: CVE-2024-3651
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1069127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-idna
Version: 3.6-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for python-idna.
CVE-2024-3651[0]:
| potential DoS via resource consumption via specially crafted inputs to
| idna.encode()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-3651
https://www.cve.org/CVERecord?id=CVE-2024-3651
[1] https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-idna
Source-Version: 3.6-2.1
Done: Guilhem Moulin <guil...@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-idna, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated python-idna package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 May 2024 14:55:00 +0200
Source: python-idna
Architecture: source
Version: 3.6-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1069127
Changes:
python-idna (3.6-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
significant resources, which may lead to denial of service.
(Closes: #1069127)
Checksums-Sha1:
f7452118195a31ae23857c9203ab6bf33c610160 2092 python-idna_3.6-2.1.dsc
6a0fc9807bfe19d133f2f10a5fd866a7b5d8b9fe 8888 python-idna_3.6-2.1.debian.tar.xz
1372afd0cc56e8583bac5720d9753bf985f337fd 7282
python-idna_3.6-2.1_amd64.buildinfo
Checksums-Sha256:
3922d4123d6e8892bfb3cfc6c6a3cdf6da8304b5231ef8d50e87a54b2f3c7617 2092
python-idna_3.6-2.1.dsc
79ba27ab76a766d036c8957d2e4a62b39a07ba86bd827443f0440534ca5a3710 8888
python-idna_3.6-2.1.debian.tar.xz
eec838d530c2cfbf3b10e22d0eab19487d10aae615fa7bb8051e887ad066a362 7282
python-idna_3.6-2.1_amd64.buildinfo
Files:
0af4917bb0daa9341df2653a4ae272b9 2092 python optional python-idna_3.6-2.1.dsc
424dcb0fb52b0bc0d871a24b26070ce1 8888 python optional
python-idna_3.6-2.1.debian.tar.xz
5c82a2b7aced88f3287a4e10fed5b128 7282 python optional
python-idna_3.6-2.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZYd2UACgkQ05pJnDwh
pVLnqhAAybQv+zHyhFKSIZYqZAfIED+ZaeIfBCRQgXtLMO3RSVKOATcJXMi1u2N0
unEvjR6JrQi7HAo6UwWYXKIWN9Buoumx+xrZ/IC8ZZ0qxW5ic6EYLPf35nMl2WkD
JJ3GLd9zR00OPGn886Ty52zHeYrfPrr/k+Nf6NpuUG2Zi030B93qxS/5N1LW74Zn
muksGLl/T9/8m82liKHp/q/Nri+DB4eR68vJ9vU3jqFU5bLJoixB97DPl6u/HLrL
+yHo0t/AXGUyvrvMwJ7H5QjB7BtVaI2rSgH8oKNXOXq9nG1urQPg1q++QhHzB9gm
SpGZ14ExeUwZwAoJQTR5JlYUV5rrW8NcPwaFeYLC8+ck+EDX0HtfkZRBvhFZ/i9i
jcBualKDgutxf2m3ereX8z2LJYb/BpJj+SEA6InADt2Z0j9zRP5wSJwjhUHo+69R
UCF0DSg0jNddvxJ3XU+sIwpVoHrIhOBg54F+mjo6MZzF3IYq5pzjg9uZg8x2k/mP
GlBlaEZI4blKnUkRRKv2+Rdd88zDnDNqmpJauQhfDQMaViscd3PMNJzrT+h9DlOa
nGBsOEcyqY//wzEx86zOfar8jXWcYkMPWKQ+wlMFvsNdQPdBs4XgylBC6h4dJmR0
IpGpN9/Ehi0wD/OybNnRxrTcm0nooRqD9BABiDjRrZHTzQJKnO8=
=hs2y
-----END PGP SIGNATURE-----
pgpu3Xk2oSL2e.pgp
Description: PGP signature
--- End Message ---
