Your message dated Tue, 27 Jan 2015 17:19:00 +0000 with message-id <e1yg9n2-00088s...@franck.debian.org> and subject line Bug#775776: fixed in polarssl 1.3.9-2.1 has caused the Debian Bug report #775776, regarding polarssl: CVE-2015-1182: Remote attack using crafted certificates to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775776: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775776 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: polarssl Version: 1.3.9-2 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for polarssl. CVE-2015-1182[0]: Remote attack using crafted certificates If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-1182 [1] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: polarssl Source-Version: 1.3.9-2.1 We believe that the bug you reported is fixed in the latest version of polarssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated polarssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 21 Jan 2015 22:09:05 +0100 Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7 Architecture: source amd64 Version: 1.3.9-2.1 Distribution: unstable Urgency: high Maintainer: Roland Stigge <sti...@antcom.de> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Closes: 775776 Changes: polarssl (1.3.9-2.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2015-1182.patch patch. CVE-2015-1182: Denial of service and possible remote code execution using crafted certificates. (Closes: #775776) Checksums-Sha1: d8f9dacdfe1e00c0cb41319b40fae41307750a57 1833 polarssl_1.3.9-2.1.dsc 13fb803bac2b1e3a83ec90ab7f7cf753a0b5ada6 5612 polarssl_1.3.9-2.1.debian.tar.xz Checksums-Sha256: 017aa7fce9f8d61df4d0a4f5fbb9c91a5c1a797999e1672737bc324ea6e8dbe5 1833 polarssl_1.3.9-2.1.dsc 99ff3fb51beca52bc6b522e0ce42a95d424f67146223e58726fbc5a99ec522e8 5612 polarssl_1.3.9-2.1.debian.tar.xz Files: 7ae3d2b06b11bdb6e33f6cfe483d8199 1833 libs optional polarssl_1.3.9-2.1.dsc 5a1f98fc7c48751d2912d115981dcb18 5612 libs optional polarssl_1.3.9-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUwSvUAAoJEAVMuPMTQ89E/kIP/1PLKNLpyu6CkAM1LcVaJELD oKnGUE6Nmb/832CE9oPwnwz412ds3EyofR7ATr1dNnShcpgzw0iho5sBqKmjdMkd f8RWcdkknTturZKj9JkOa927/FDcVURCGtUaYRfVVYk2LUX71qjvNEKdMARr60jk 57AWBPWKtDBEpDs67lavL/+W4FoOgQujEDySQFQsuVpkPWOg+Bj/LaE7TBkz0NEE ePaN38/gOgQcjr7zp4fFK+KfOV9B5Q5DHSk7wiWhsCvBhqXlqKC39oFfPeRBzWjt 6V61OToDP+0yb3vkG1d+z3yLRPqss2SZ5+HT02Nq9t/jt50uJGn7Wy5C+nW8NYOc lvjRlyecdeIgQ7p4VQ8oA5cACdcz46C3SZZua7Sx7ek0yfTlYTnxV5XpYSuyJnV9 BgnI20o4fZl5suNcA0lZVa2J/s0jJUBg3+RiC0dJFUB4NDFCTTypt7jp+w6DPX3a 5VYERWqL4Pe26+QJ8rFJg2dMO+Nh2jAIVRLT8s+DM8CVKFVRCdvZjSrrF7P+7g9l r3tZC7WUQsf39HA/qwJhaEPsQaGzQtDGl3aCQ+5hmDkFqfHT8pyxVbEtyCnd/dI9 BvjlQCsd/AV6q41WIeXXirZoPNuh50Nvqn2auKUoLzjYOGinCa9FykMtliGYO14O udKOzRvMffzQ55S1kU5v =TCvG -----END PGP SIGNATURE-----
--- End Message ---
