Bug#587445: marked as done (CVE-2010-2074)

Sat, 03 Jul 2010 09:57:30 -0700 

Your message dated Sat, 03 Jul 2010 16:54:07 +0000
with message-id <e1ov5yh-0004ai...@franck.debian.org>
and subject line Bug#587445: fixed in w3m 0.5.2-5
has caused the Debian Bug report #587445,
regarding CVE-2010-2074
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
587445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: w3m
Severity: grave
Tags: security

Hi,
several applications fail to correct SSL certificates properly
and w3m is among them:
http://www.openwall.com/lists/oss-security/2010/06/14/4

This has been assigned CVE-2010-2074.

The impact of this bug doesn't warrant a DSA, but you can still
fix in in Lenny through a stable point update:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages w3m depends on:
ii  libc6                   2.10.2-9         Embedded GNU C Library: Shared lib
pn  libgc1c2                <none>           (no description available)
ii  libgpm2                 1.20.4-3.3       General Purpose Mouse - shared lib
ii  libncurses5             5.7+20100313-2   shared libraries for terminal hand
ii  libssl0.9.8             0.9.8n-1         SSL shared libraries
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages w3m recommends:
ii  ca-certificates               20090814   Common CA certificates

Versions of packages w3m suggests:
ii  man-db                        2.5.7-3    on-line manual pager
ii  menu                          2.1.43     generates programs menu for all me
pn  migemo                        <none>     (no description available)
ii  mime-support                  3.48-1     MIME files 'mime.types' & 'mailcap
pn  w3m-el                        <none>     (no description available)
pn  w3m-img                       <none>     (no description available)

--- End Message ---
--- Begin Message --- 
Source: w3m
Source-Version: 0.5.2-5

We believe that the bug you reported is fixed in the latest version of
w3m, which is due to be installed in the Debian FTP archive:

w3m-img_0.5.2-5_i386.deb
  to main/w/w3m/w3m-img_0.5.2-5_i386.deb
w3m_0.5.2-5.debian.tar.gz
  to main/w/w3m/w3m_0.5.2-5.debian.tar.gz
w3m_0.5.2-5.dsc
  to main/w/w3m/w3m_0.5.2-5.dsc
w3m_0.5.2-5_i386.deb
  to main/w/w3m/w3m_0.5.2-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tatsuya Kinoshita <t...@debian.org> (supplier of updated w3m package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 03 Jul 2010 19:08:07 +0900
Source: w3m
Binary: w3m w3m-img
Architecture: source i386
Version: 0.5.2-5
Distribution: unstable
Urgency: high
Maintainer: Tatsuya Kinoshita <t...@debian.org>
Changed-By: Tatsuya Kinoshita <t...@debian.org>
Description: 
 w3m        - WWW browsable pager with excellent tables/frames support
 w3m-img    - inline image extension support utilities for w3m
Closes: 587445
Changes: 
 w3m (0.5.2-5) unstable; urgency=high
 .
   * debian/patches/60_check-null-cn.patch: Patch to check for null bytes
     in CN/subjAltName, provided by Ludwig Nussel. (Closes: #587445)
     [CVE-2010-2074]
   * debian/patches/70_ssl-init.patch: Patch to force ssl_verify_server on
     and disable SSLv2 support, provided by Ludwig Nussel.
   * debian/patches/*: Renumbered.
   * debian/control: Update Standards-Version to 3.9.0.
Checksums-Sha1: 
 7f8c1dc0fe55f3f8f9e2d3459abf7e45aed36a8a 1136 w3m_0.5.2-5.dsc
 c1896fcf36078cb20c85a309fe6dd3dd43269557 40778 w3m_0.5.2-5.debian.tar.gz
 aec127ac1cb1697fc9d0d09e063d839f888eba6c 1113178 w3m_0.5.2-5_i386.deb
 383e1313a5b48749b8a6abfefced3b1ae1c8be8d 96906 w3m-img_0.5.2-5_i386.deb
Checksums-Sha256: 
 6f0d19670c5df5a3a5a4a8a3b8b7cc34a8b6fa15e8b4ded547e2a7544a6be0cc 1136 
w3m_0.5.2-5.dsc
 f55a749e52faa08c3d4202729aa3a75c06c5e58b75177d68ebfa97421b7ff018 40778 
w3m_0.5.2-5.debian.tar.gz
 3b26ac35f09596a1f8d7bacf456f6379f1b2eb90844daf9e969277356f21fc62 1113178 
w3m_0.5.2-5_i386.deb
 d859fad5959e6834f732836fcca1033f2b5234fadd9819405e5d4f914a7c92cd 96906 
w3m-img_0.5.2-5_i386.deb
Files: 
 ba9c257d38e534b612c14da17c1f0a3c 1136 web standard w3m_0.5.2-5.dsc
 721e705d8b7376b0bb67fb8deec9dfba 40778 web standard w3m_0.5.2-5.debian.tar.gz
 c720053bdc5a7faf73e8c9f0c741b142 1113178 web standard w3m_0.5.2-5_i386.deb
 2617b6978cfc04d9d7541629f096114e 96906 web optional w3m-img_0.5.2-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwvEB8ACgkQgV4LPvpMUpi87wCePaAbA84aAq9SfLs72hB+KFud
41kAn1cEe6Z3Kzv5xLet4EIUPLNizoSg
=pv7l
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to