Your message dated Thu, 10 Nov 2022 19:00:14 +0000
with message-id <e1otcmc-007bqt...@fasolo.debian.org>
and subject line Bug#1023574: fixed in wolfssl 5.5.3-1
has caused the Debian Bug report #1023574,
regarding wolfssl: CVE-2022-42961
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1023574: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wolfssl
Version: 5.2.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for wolfssl.

CVE-2022-42961[0]:
| An issue was discovered in wolfSSL before 5.5.0. A fault injection
| attack on RAM via Rowhammer leads to ECDSA key disclosure. Users
| performing signing operations with private ECC keys, such as in
| server-side TLS connections, might leak faulty ECC signatures. These
| signatures can be processed via an advanced technique for ECDSA key
| recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to
| address the vulnerability.)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42961
    https://www.cve.org/CVERecord?id=CVE-2022-42961

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: wolfssl
Source-Version: 5.5.3-1
Done: Jacob Barthelmeh <sirkilam...@msn.com>

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jacob Barthelmeh <sirkilam...@msn.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 9 Nov 2022 16:10:39 -0800
Source: wolfssl
Binary: libwolfssl-dev libwolfssl35 libwolfssl35-dbgsym
Architecture: source amd64
Version: 5.5.3-1
Distribution: unstable
Urgency: medium
Maintainer: Jacob Barthelmeh <sirkilam...@msn.com>
Changed-By: Jacob Barthelmeh <sirkilam...@msn.com>
Description:
 libwolfssl-dev - Development files for the wolfSSL encryption library
 libwolfssl35 - wolfSSL encryption library
Closes: 1014867 1016981 1021021 1023574
Changes:
 wolfssl (5.5.3-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1014867, #1016981, #1021021, #1023574)
   * Fixes CVE-2022-34293, CVE-2022-38152, CVE-2022-38153, CVE-2022-39173,
     CVE-2022-42961
   * Bump SONAME version to 35.
   * Update symbols file.
   * Drop patch turn-off-fastmath-for-amd64.patch; now using sp-math
     everywhere.
   * Ship docs/QUIC.md with the development files.
   * Bump Standards-Version to 4.6.1.
   * Drop Vcs-Git and Vcs-Browser; upstream releases often do not share a
     common history, especially for security releases fixing vulnerabilities.
   * Fix watch file to look at tags instead of releases.
   * Add Jacob Barthelmeh as Maintainer and move self into Uploaders.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
