Your message dated Mon, 19 Jun 2006 03:32:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#368416: fixed in netkit-telnet-ssl 0.17.24+0.1-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: telnet-ssl
Version: 0.17.24+0.1-10
Severity: critical
Justification: breaks unrelated software
RC abuse of /etc/ssl/certs, rendering certificate validation
inoperable.
There are two problems with this packages use of /etc/ssl/certs:
* Files in /etc/ssl/certs must be a+r
- GNUTLS reads files in /etc/ssl/certs, and will not verify a
remote certificate once it encounters an unreadable file in
/etc/ssl/certs.
- OPENSSL also must read files in /etc/ssl/certs, but seems to
be more forgiving of errors incurred in the process.
* This packages combines the key and cert into one file - which
of course means it can't be world readable... and there for should
not be in /etc/ssl/certs. At least the key file should be in some
package private /etc/ directory - with the appropriate
permissions.
You can still use a combined file, but it just needs to be
elsewhere.
I noticed this when I couldn't connect to my corporate LDAP servers
using ldaps://, but the breakage is going to be further spread (likely any
GNUTLS client app needing to lookup certificate chains).
-- System Information:
Debian Release: testing/unstable
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'),
(500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages telnet-ssl depends on:
ii libc6 2.3.6-9 GNU C Library: Shared libraries
ii libgcc1 1:4.1.0-4 GCC support library
ii libncurses5 5.5-2 Shared libraries for terminal hand
ii libssl0.9.8 0.9.8b-2 SSL shared libraries
ii libstdc++6 4.1.0-4 The GNU Standard C++ Library v3
telnet-ssl recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: netkit-telnet-ssl
Source-Version: 0.17.24+0.1-11
We believe that the bug you reported is fixed in the latest version of
netkit-telnet-ssl, which is due to be installed in the Debian FTP archive:
netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
to pool/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
netkit-telnet-ssl_0.17.24+0.1-11.dsc
to pool/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.24+0.1-11.dsc
telnet-ssl_0.17.24+0.1-11_i386.deb
to pool/main/n/netkit-telnet-ssl/telnet-ssl_0.17.24+0.1-11_i386.deb
telnetd-ssl_0.17.24+0.1-11_i386.deb
to pool/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.24+0.1-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ian Beckwith <[EMAIL PROTECTED]> (supplier of updated netkit-telnet-ssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Jun 2006 19:10:02 +0100
Source: netkit-telnet-ssl
Binary: telnet-ssl telnetd-ssl
Architecture: source i386
Version: 0.17.24+0.1-11
Distribution: unstable
Urgency: low
Maintainer: Ian Beckwith <[EMAIL PROTECTED]>
Changed-By: Ian Beckwith <[EMAIL PROTECTED]>
Description:
telnet-ssl - The telnet client with SSL encryption support
telnetd-ssl - The telnet server with SSL encryption support
Closes: 368416 372105
Changes:
netkit-telnet-ssl (0.17.24+0.1-11) unstable; urgency=low
.
* Move telnetd.pem to /etc/telnetd-ssl (Closes: #368416):
* Use private copy of openssl.cnf (from openssl_0.9.8b-2) (Closes: #372105).
* Set Common Name to FQDN when generating certificate.
* Standards-Version: 3.7.2 (No changes).
Files:
4185af0c6db289eca33addf897bad031 1007 net extra
netkit-telnet-ssl_0.17.24+0.1-11.dsc
24515308f683ef64fb3ed8ce68a72931 29849 net extra
netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
dd08351a2e4e4e81aad4c4c2b41eec9c 83126 net extra
telnet-ssl_0.17.24+0.1-11_i386.deb
b3af3c13c05482a55b7ca6df62f05072 56872 net extra
telnetd-ssl_0.17.24+0.1-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBRJZ48m4/9k35XC9tAQLRJwgAxCG6WXGA/ujl/xlQkannRjXi024A3XLX
0D4n9X7qP+YtMJ9fYyUbR1LbKW3Pun1TamFNBsT1ll8uRi+85JphMYIpWIVAToN+
04em+gPHgaD6Uu8EkobMpRr7/7FD40+6kU4zhti8mFbU5xkXlDZDeQX4uMK3Qy+E
PQO7qcyEBuiaqlfFLk+a8bD3KkOHbmWbWRW3s6GFSZf1Fjbk6bjPTHL0uLZXXtNZ
eBxOW++520VjLBS8tdrJ0hwpKJX1bfIkOeC7t78PvDqDSSNUw0aKepHbmXpHgOgT
1jenwRjo9u0vz2EJq9b3qoG9Iw560xO7ev0Q8ra6Py4DqrRH3ypWEQ==
=x2fJ
-----END PGP SIGNATURE-----
--- End Message ---
