Your message dated Thu, 04 Mar 2021 00:48:29 +0000 with message-id <e1lhcah-0006lo...@fasolo.debian.org> and subject line Bug#982578: fixed in stunnel4 3:5.56+dfsg-8 has caused the Debian Bug report #982578, regarding stunnel4: CVE-2021-20230: client certificate not correctly verified when redirect and verifyChain options are used to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 982578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: stunnel4 Version: 3:5.56+dfsg-6 Severity: grave Tags: patch security upstream fixed-upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for stunnel4. CVE-2021-20230[0]: | client certificate not correctly verified when redirect and | verifyChain options are used If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-20230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20230 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1925226 [2] https://bugzilla.suse.com/show_bug.cgi?id=1177580 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: stunnel4 Source-Version: 3:5.56+dfsg-8 Done: Peter Pentchev <r...@debian.org> We believe that the bug you reported is fixed in the latest version of stunnel4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 982...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Pentchev <r...@debian.org> (supplier of updated stunnel4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 04 Mar 2021 00:59:13 +0200 Source: stunnel4 Architecture: source Version: 3:5.56+dfsg-8 Distribution: unstable Urgency: medium Maintainer: Peter Pentchev <r...@debian.org> Changed-By: Peter Pentchev <r...@debian.org> Closes: 982578 Changes: stunnel4 (3:5.56+dfsg-8) unstable; urgency=medium . * Add some patches cherry-picked from stunnel-5.57 and 5.58: - 09-verify-redirect and 10-verify-noredirect: CVE-2021-20230 - 11-test-netcat-source: ensure netcat is invoked properly by the test suite - 12-bio-free: fix a memory allocation/deallocation inconsistency - 13-tls13: TLS 1.3 compatibility fixes needed to let the internal tests pass with the verification/redirect fixes . All of this together Closes: #982578 Checksums-Sha1: 2015ed8fca44cf19de65332c55c188211be72406 2847 stunnel4_5.56+dfsg-8.dsc 0a6373ea19c3f76279a5c399bf9e8f6de3701521 51308 stunnel4_5.56+dfsg-8.debian.tar.xz Checksums-Sha256: 1f13970587fcc49b97acabf35d75ed4b5451922a36fa618c4df4cd85643db669 2847 stunnel4_5.56+dfsg-8.dsc 6e8fc108c5b384d96a6126072e185fa9d2b29f889866b0a99f154ab59a102aaf 51308 stunnel4_5.56+dfsg-8.debian.tar.xz Files: 4a93a80f75e0150f1975313b41283e7c 2847 net optional stunnel4_5.56+dfsg-8.dsc ebc782535dfd538fc7eab676b082b8f5 51308 net optional stunnel4_5.56+dfsg-8.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmBAKVcQHHJvYW1AZGVi aWFuLm9yZwAKCRBlHu+wJSffE0+tEADD7ENkuX5Zj4DQjXTzDhed0sbPWphbCMpc fE90BTtQUi4/Gn0zkWgWDA29LNP2lrVEks52w7ETU0bQEolx9Lvbjr483uTTosM8 brb0QkF74r0EFCvyp/hRpWSSCZATLMBP1tMvVCP6CIv2ycUtY8jIOisLr+PLhFBq rA23UMYfjaZQnAtaN585K10wqU6MYjtaiH+C1zaKLgJmM/j5sJGtsuMXOY3xxlkI Yx88wMz3wnu6v6bzLoVcxELIOcOUPfbH2m4jC9wz7JXn5kGXLTy1Urq0aJS1gFmB CuruTmQ5LNAWPUtlY/Z9jikoJgXoGl9vQMwBiMj5Kc2LDVMQUDd0hfeeUHsuiC0r DwnVX3fkDCwIi2pOaAWGnVzBsW/yt9ZzQHJcBCccXGQNFR9WGFyBCgvZ/bkOBYYu YS44rbqdbGCtEWIhGwk84KtKhTIzoAtK2E9UIh0cM5AscpT7r+ly5Vds2AJ0Ix8E i8EEBMLmFeuaUCoEfejZ4hIPuhiSFV6iV5eer0jkIkZDbvOZqgN6Tqbjvgxp7cgx MlMbtM9WzhNsq2CTGmE2wWZip675Bw8w5LVMm2fQ9MoGr/K5Hxr0QokRxvLxX/+E btG3t1G1+4tJdJRcFc3W2S4ZcOOkBwbWkegmYAp/y8409R7jh2hppnDYTnBTijXC MWmf+yayTQ== =MXSu -----END PGP SIGNATURE-----
--- End Message ---
