Your message dated Wed, 20 Aug 2014 19:02:05 +0000
with message-id <e1xkb93-00027u...@franck.debian.org>
and subject line Bug#756651: fixed in gpgme1.0 1.2.0-1.4+deb7u1
has caused the Debian Bug report #756651,
regarding gpgme1.0: CVE-2014-3564: heap-based buffer overflow in gpgsm status handler
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
756651: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756651
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpgme1.0
Version: 1.5.0-0.1
Severity: grave
Tags: security upstream fixed-upstream patch

Hi,

the following vulnerability was published for gpgme1.0. (filing with
severity grave, but not sure if this can only be used for DoS).

CVE-2014-3564[0]:
heap-based buffer overflow in gpgsm status handler

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3564
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gpgme1.0
Source-Version: 1.2.0-1.4+deb7u1

We believe that the bug you reported is fixed in the latest version of
gpgme1.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 756...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated gpgme1.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Aug 2014 09:39:43 +0200
Source: gpgme1.0
Binary: libgpgme11-dev libgpgme11
Architecture: source amd64
Version: 1.2.0-1.4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jose Carlos Garcia Sogo <js...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libgpgme11 - GPGME - GnuPG Made Easy
 libgpgme11-dev - GPGME - GnuPG Made Easy
Closes: 756651
Changes: 
 gpgme1.0 (1.2.0-1.4+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-3564.dpatch patch.
     CVE-2014-3564: heap-based buffer overflow in gpgsm status handler.
     (Closes: #756651)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---