Your message dated Mon, 17 Jun 2024 16:47:35 +0000
with message-id <e1sjfw3-0007sn...@fasolo.debian.org>
and subject line Bug#1069127: fixed in python-idna 2.10-1+deb11u1
has caused the Debian Bug report #1069127,
regarding python-idna: CVE-2024-3651
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1069127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-idna
Version: 3.6-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for python-idna.
CVE-2024-3651[0]:
| potential DoS via resource consumption via specially crafted inputs to
| idna.encode()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-3651
https://www.cve.org/CVERecord?id=CVE-2024-3651
[1] https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-idna
Source-Version: 2.10-1+deb11u1
Done: Guilhem Moulin <guil...@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-idna, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated python-idna package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 May 2024 13:49:43 +0200
Source: python-idna
Architecture: source
Version: 2.10-1+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Python Modules Team
<python-modules-t...@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1069127
Changes:
python-idna (2.10-1+deb11u1) bullseye; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
significant resources, which may lead to denial of service.
(Closes: #1069127)
Checksums-Sha1:
5078ff8525f7d449109cb599573b6d5d30bb60cf 2116 python-idna_2.10-1+deb11u1.dsc
54bc51fbad2f24dd5e3313bcd0d0e4201daf4e03 8552
python-idna_2.10-1+deb11u1.debian.tar.xz
af7ad28eb67bd41bd2df5507959f2cf227c8b9d4 6732
python-idna_2.10-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
b8316aa6f8500e7d6bd1c0dd0ec3cf02f90e5ad3fc56f3475c8e471f65e8fb76 2116
python-idna_2.10-1+deb11u1.dsc
65fe25d1abe8edfa9bbe8aa84117c013a4734c5ae3c012f1a8b89d59ac231e33 8552
python-idna_2.10-1+deb11u1.debian.tar.xz
56fe557988c48117316b12e70ad3fcdeb6d64521e4bea0ce67385cd484739c03 6732
python-idna_2.10-1+deb11u1_amd64.buildinfo
Files:
77a7398fc5b31678902001c823fd955c 2116 python optional
python-idna_2.10-1+deb11u1.dsc
257440bfc2013b7fb9270f3757f9ba0c 8552 python optional
python-idna_2.10-1+deb11u1.debian.tar.xz
77bc60706086aea91a14fa1ccd57583b 6732 python optional
python-idna_2.10-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZYbikACgkQ05pJnDwh
pVLw5BAAzLRORNw5L5k2FtGg/xfxKcHa9kyQin7eBuj8lqTHJIVA5x9+onam8w0n
61xPMfFpLuMUYsDGYZ+Js9yz6+c22L8mnIHjHKF2XVk0pLcF1yVee6pTp0cJqB1z
blJ3fnRFt4uoFHclEGwK6vOaoLvWajm0Il3hNnhiJJmmGDcmPBc9C2o2PCDRI20L
NzB84CNprdp4IVhqSBKuyt+49+VXNIO2txFD/yifq9IbYQC7xHiKIETpAGlgorVD
tbmK8FADD/8uX/XInKMuOL0+UxPyy/Qw8EX3r5OlIpRtfORpr4Q6ljvZTyPjyeQ2
CumGsoyrYCXuxU//6m2JtZ/Q0Q3J4mOQfaAkGJ1oFeXjG7PBR1RFncnOiGh2nIHU
uXBg9TUYFo6R2e2QcJ74Fctr2/q/ksi8XEYN49GyZeo9PuhKa07YyQxPgi8MzSpb
ady/rpfVOilXE3TYqyjOrSeEJpfWY0RfvF881IB0W9Y5ZnIpmYx0UivcDHH5Ybj3
/JVZZ2QruZ1LtzObfLU3A2dCk5KGmNn/nWyvrvkcZukB9bUTQ3QDjwY1bkCmXZau
we6J54ZsY1yhIGxeJHNdv6o2RX0hkfOvkf83xt/PTF77ic/sP8gov63tA3Bo6xO+
Xxx2PfvYrKFS1CxYKNOO1j3QPr7x/JD1qUm6w1N8OPxgG8o4oDw=
=sY69
-----END PGP SIGNATURE-----
pgpXsjyTswfBP.pgp
Description: PGP signature
--- End Message ---
