Your message dated Sun, 09 Apr 2006 23:47:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#352182: fixed in libtasn1-2 0.3.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libtasn1-2
Version: 0.2.17-1
Severity: grave
Tags: security
A crash in the DER decoder of GnuTLS has been disclosed.
From: Simon Josefsson <[EMAIL PROTECTED]>
Subject: GnuTLS 1.2.10 - Security release
Newsgroups: gnu.announce
To: [EMAIL PROTECTED], help-gnutls@gnu.org, info-gnu@gnu.org
Date: Thu, 09 Feb 2006 16:46:28 +0100
Message-ID: <[EMAIL PROTECTED]>
We are pleased to announce the availability of GnuTLS version 1.2.10,
a security bug-fix release on the stable 1.2.x branch.
This release fixes several serious bugs that would make the DER
decoder in libtasn1 crash on invalid input. The problems were
reported by Evgeny Legerov on the 31th of January.
[...]
--- End Message ---
--- Begin Message ---
Source: libtasn1-2
Source-Version: 0.3.1-1
We believe that the bug you reported is fixed in the latest version of
libtasn1-2, which is due to be installed in the Debian FTP archive:
libtasn1-2-bin_0.3.1-1_i386.deb
to pool/main/libt/libtasn1-2/libtasn1-2-bin_0.3.1-1_i386.deb
libtasn1-2-dbg_0.3.1-1_i386.deb
to pool/main/libt/libtasn1-2/libtasn1-2-dbg_0.3.1-1_i386.deb
libtasn1-2-dev_0.3.1-1_i386.deb
to pool/main/libt/libtasn1-2/libtasn1-2-dev_0.3.1-1_i386.deb
libtasn1-2_0.3.1-1.diff.gz
to pool/main/libt/libtasn1-2/libtasn1-2_0.3.1-1.diff.gz
libtasn1-2_0.3.1-1.dsc
to pool/main/libt/libtasn1-2/libtasn1-2_0.3.1-1.dsc
libtasn1-2_0.3.1-1_i386.deb
to pool/main/libt/libtasn1-2/libtasn1-2_0.3.1-1_i386.deb
libtasn1-2_0.3.1.orig.tar.gz
to pool/main/libt/libtasn1-2/libtasn1-2_0.3.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Urlichs <[EMAIL PROTECTED]> (supplier of updated libtasn1-2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Changed-By: Matthias Urlichs <[EMAIL PROTECTED]>
Date: Sat, 18 Mar 2006 03:21:11 +0100
Version: 0.3.1-1
Distribution: unstable
Source: libtasn1-2
Urgency: high
Maintainer: Matthias Urlichs <[EMAIL PROTECTED]>
Binary: libtasn1-2 libtasn1-2-bin libtasn1-2-dbg libtasn1-2-dev
Architecture: i386 source
Closes: 352182
Changes:
libtasn1-2 (0.3.1-1) unstable; urgency=high
.
* New Upstream release.
- Fixes a buffer overrun: Closes:#352182
- Yes, I know, this release is *late*. Sorry about that.
Description:
libtasn1-2-dbg - Manage ASN.1 structures (development)
libtasn1-2 - Manage ASN.1 structures (runtime)
libtasn1-2-bin - Manage ASN.1 structures (binaries)
libtasn1-2-dev - Manage ASN.1 structures (development)
Files:
67a62367a45329f2f319b27a680fcd6a 20650 libs important
libtasn1-2-bin_0.3.1-1_i386.deb
e715c45fd7fa26041cb237efdd1b6452 46898 devel extra
libtasn1-2-dbg_0.3.1-1_i386.deb
8a6f537d3df3a353ef4d90d8a2464803 260300 libdevel optional
libtasn1-2-dev_0.3.1-1_i386.deb
b4221e36333b0e2db6e69d21c70ca4fc 332988 libs important
libtasn1-2_0.3.1-1.diff.gz
94d4f87af77f9a324bd3aafe76efbfbe 44078 libs important
libtasn1-2_0.3.1-1_i386.deb
87d93e2917e783f3bb1b6343ded9b199 713 libs important libtasn1-2_0.3.1-1.dsc
9e45106b0fe758caa9037d414739f570 466148 libs important
libtasn1-2_0.3.1.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEOdUF8+hUANcKr/kRAqT7AKCIYvjz6fzxyjXNa+9ya5yKsMinowCbBN/8
eNIsJhlCWipxty7x2T2+yto=
=ETRq
-----END PGP SIGNATURE-----
--- End Message ---
