Your message dated Mon, 29 Aug 2016 16:21:10 +0000 with message-id <e1bepj8-0005ip...@franck.debian.org> and subject line Bug#834893: fixed in gnupg1 1.4.21-1 has caused the Debian Bug report #834893, regarding gnupg: CVE-2016-6313: RNG prediction vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 834893: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: gnupg Version: 1.4.12-1 Severity: grave Tags: security upstream patch fixed-upstream Control: fixed -1 1.4.18-7+deb8u2 Hi, the following vulnerability was published for gnupg. CVE-2016-6313[0]: libgcrypt: PRNG output is predictable If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6313 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: gnupg1 Source-Version: 1.4.21-1 We believe that the bug you reported is fixed in the latest version of gnupg1, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 834...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated gnupg1 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 Aug 2016 10:03:15 -0400 Source: gnupg1 Binary: gnupg1 gnupg1-curl gpgv1 gpgv1.4-udeb gnupg1-l10n Architecture: source Version: 1.4.21-1 Distribution: unstable Urgency: medium Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org> Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net> Description: gnupg1 - GNU privacy guard - a free PGP replacement ("classic" version) gnupg1-curl - GNU privacy guard - a free PGP replacement (cURL helpers for "cla gnupg1-l10n - GNU privacy guard "classic" - localization files gpgv1 - GNU privacy guard - signature verification tool ("classic" versio gpgv1.4-udeb - minimal signature verification tool (udeb) Closes: 806494 834757 834893 Changes: gnupg1 (1.4.21-1) unstable; urgency=medium . * new upstream release (Closes: #834893) * drop already upstreamed patches, refresh remainder * build reproducibly (Closes: #806494) * gnupg1 is Priority: extra (Closes: #834757) Checksums-Sha1: dd110e2a95020d1f765cdd4d4e7a5f96d5ad5534 2474 gnupg1_1.4.21-1.dsc e3bdb585026f752ae91360f45c28e76e4a15d338 3689305 gnupg1_1.4.21.orig.tar.bz2 0669b04a617b7d91c1e69d7565748efa6393eba4 32836 gnupg1_1.4.21-1.debian.tar.xz Checksums-Sha256: 9c0b7672cf68070b715a9694d656bc759b790b4754252046a33b4d06c083e51c 2474 gnupg1_1.4.21-1.dsc 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 3689305 gnupg1_1.4.21.orig.tar.bz2 20648f68e91b54e7cabbec6cf219be70b6a84c2d8ead4522077a227f1f3717a0 32836 gnupg1_1.4.21-1.debian.tar.xz Files: 8e76e0b7deded18e37b615db34d1e14a 2474 utils extra gnupg1_1.4.21-1.dsc 9bdeabf3c0f87ff21cb3f9216efdd01d 3689305 utils extra gnupg1_1.4.21.orig.tar.bz2 3ff8c347d12a2d55685beffb8dfe9739 32836 utils extra gnupg1_1.4.21-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9BQJXxErOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFREIyRTc0RjU2RkNGMkI2NzI5N0I3MzUy NEVDRkY1QUZGNjgzNzBBFhxka2dAZmlmdGhob3JzZW1hbi5uZXQACgkQJOz/Wv9o NwqJbw/+LJRypGZjQQdOEb5LXkUolyNmKL90nRf30p4ANFnaXgLsMnyIt2PreU5y SL/bTfzzlPu0CzRll1/qmyvRVOh4To6UepbmdE9T9fzqduzmXUrl1ijs3pD6lv19 NmXNuYDgyWdyOpbTmYdPPKhUqalEwusFSl7W2+jFCCKcINrM+v7cwVnGqQEt3U7m onICZVXZLrxbdrT6dgp4JRzvMT/cKdPgsMSJM1oxZ0tHJyflqQKb+WLyFLxPvJgL NzOha/aCpyAN0L9NlnBgjYMRk5VXWAXS/iCBlBmXAG9rDhYZnQjEaV/OyUOaae2E AhdC1MdgPJFVqWQDe0sraUAmeKUlsl1Adu/AQCUYLhqZCr/VdNuaTB/LW4dlTg/P J46cEPuW+1xyceKRWATrV93hkX0eZc1OrhtRNjfFbexNfY4r54jut9g5CLTC7Lbd 57Kmyg9WqUXKUjs2XeU931tHCGrWm1uJxNWNT8GOMqKl+M5hRXfvepBA2wI4Ugy6 uv/6+/bzu9nDzlmfOTjyeqj0YQENRk8jnffCZdfSWzcEirD6QLCzlsVUkMkse9/U Pg8Rsa0J0m7AyDEPvHAqfNE03jVY7anHU7dr1iyK5phOjaibnC7in3jkQ2TBTlo7 eGixaK0/SY3DDRoOljXwapwMSDhR5DIeUgn55cz5AD/TFbwVI0s= =kj7I -----END PGP SIGNATURE-----
--- End Message ---
