Your message dated Fri, 20 Dec 2013 15:49:50 +0000 with message-id <e1vu2kk-0004sj...@franck.debian.org> and subject line Bug#732705: fixed in gnupg 1.4.15-3 has caused the Debian Bug report #732705, regarding gnupg: Patch for CVE-2013-4576 not being applied in 1.4.15-2 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 732705: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gnupg Severity: normal Tags: security gnupg 1.4.15-2 claims to fix CVE-2013-4576, but the patch isn't actually being applied during build. It is in the wrong directory, and isn't listed in the series file.
--- End Message ---
--- Begin Message ---Source: gnupg Source-Version: 1.4.15-3 We believe that the bug you reported is fixed in the latest version of gnupg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 732...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 20 Dec 2013 15:41:30 +0100 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32 Architecture: source all amd64 Version: 1.4.15-3 Distribution: unstable Urgency: high Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) gpgv-win32 - GNU privacy guard - signature verification tool (win32 build) Closes: 732705 Changes: gnupg (1.4.15-3) unstable; urgency=high . * Actually apply patch for CVE-2013-4576 (closes: #732705). Thanks Marc Deslauriers for reporting. Checksums-Sha1: f2c6c8b52c55784ffa413d6976bb8f1b02721708 1968 gnupg_1.4.15-3.dsc c540d2e9948d240b205bae4db2fe20667e2e901e 32210 gnupg_1.4.15-3.debian.tar.gz 51c55e36a4356d77ce971185b8c50b8ff4c94c7a 547000 gpgv-win32_1.4.15-3_all.deb 0a9cb122e77e45442e88c60fa99f98d4a48591eb 1127048 gnupg_1.4.15-3_amd64.deb 373c875cad51386be1398a0dd7c9e429ab55b7e1 61226 gnupg-curl_1.4.15-3_amd64.deb e6c92b09dd37614630c5bd20fd53bb66ac0fb1ae 201464 gpgv_1.4.15-3_amd64.deb bde9018814578143baccf344bee43758f23ac5b4 353334 gnupg-udeb_1.4.15-3_amd64.udeb e0fe22a435cfe9733056e9511c6e7f559010ebbb 130334 gpgv-udeb_1.4.15-3_amd64.udeb Checksums-Sha256: 11c5d4854cc9cea587615c6332664a1c60532cd00852b88d7bfc877bb3846b30 1968 gnupg_1.4.15-3.dsc 42c4435ce0ac825acb0252423bbf345fe1d86ce854bd9aa8cc705e2cbcdd3538 32210 gnupg_1.4.15-3.debian.tar.gz 7a2b119147a031b688eb8e98ee38c8e260f4f3a89af877927e2a7629d6d45e4e 547000 gpgv-win32_1.4.15-3_all.deb ac758411cea9231b6e66104d185c229bed241e2d1789027302c5f3d6fc64cbf8 1127048 gnupg_1.4.15-3_amd64.deb 4a23663f746942fb893045760a4ce579adfee775dd07846f51e1d022f90406cd 61226 gnupg-curl_1.4.15-3_amd64.deb a270e74c04ae90f2e3fb6c3709f2d414c85c0576f83ce4d8c56572d52eaed6ba 201464 gpgv_1.4.15-3_amd64.deb 2615acce267b5321bb71ab80070a340f94c0cba11f1095ba6bb08bec8999c616 353334 gnupg-udeb_1.4.15-3_amd64.udeb 873f0ad028495190687e2e7ae0b20c6c2a89a5afdac2cef40e3171b7976af235 130334 gpgv-udeb_1.4.15-3_amd64.udeb Files: c21947dc4813b10bb0430573f01c1fe6 1968 utils important gnupg_1.4.15-3.dsc 0fcb66ed698c3937040b9314f7407c19 32210 utils important gnupg_1.4.15-3.debian.tar.gz c9c4e00c93367e3436ae9022ea510c4d 547000 utils extra gpgv-win32_1.4.15-3_all.deb f9b38df402fb5d38b2c80b1ebfb670ad 1127048 utils important gnupg_1.4.15-3_amd64.deb 7014955207dfcedd2f3810b581e981f1 61226 utils optional gnupg-curl_1.4.15-3_amd64.deb 61fe64baa5891aec1492fd0ee46db5d8 201464 utils important gpgv_1.4.15-3_amd64.deb e7141f93a8461cf659e401136ace62ed 353334 debian-installer extra gnupg-udeb_1.4.15-3_amd64.udeb 0da489d045c0f31003c1f493325084aa 130334 debian-installer extra gpgv-udeb_1.4.15-3_amd64.udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJStGDsAAoJEFb2GnlAHawEh0MH/iozS2EpMRGvGTFK9HUIVj7b aw+FmqkDnwqfrU5e1j2zQP62ltDNI1ZTpmrSZ4i5YjOI/kf9vZpXM/9HeWwAhe3V GYOqEtqCfNTCFZ9AyRglJ+UQ3faGXfdtNjbbgDyBKUn+Kz9nv0RFkbSzWvpOV+ok v7KDPMXBAT49il2pW2siEdQNwhuCI7HbK+7LwaDQ86oZgMhpEChLXitxmsZEwt/W 62WGq9nF+V7F/3RIqyk6OJeV0zppqkm3gNORqS5Wc9yisfxVC9nEjnDkylysMY2y Z8hSkPg2crRedtEE1GKo9gXDhwcLkhwWMPVDhrn2fRDQ+r2/RNlF+QzhFQwTMGE= =Xsu3 -----END PGP SIGNATURE-----
--- End Message ---
