Your message dated Wed, 24 May 2023 17:50:49 +0000 with message-id <e1q1sdn-00gqqm...@fasolo.debian.org> and subject line Bug#1034558: fixed in rnp 0.16.3-1 has caused the Debian Bug report #1034558, regarding rnp: CVE-2023-29479 CVE-2023-29480 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1034558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034558 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: rnp Version: 0.16.2-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> *** /tmp/rnp.reportbug Package: rnp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for rnp, [0] and [1]. The first one was as well affecting mentioned in the recent thunderbird mfsa. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-29479 https://www.cve.org/CVERecord?id=CVE-2023-29479 [1] https://security-tracker.debian.org/tracker/CVE-2023-29480 https://www.cve.org/CVERecord?id=CVE-2023-29480 [2] https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: rnp Source-Version: 0.16.3-1 Done: Daniel Kahn Gillmor <d...@fifthhorseman.net> We believe that the bug you reported is fixed in the latest version of rnp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1034...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated rnp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 24 May 2023 09:06:07 -0400 Source: rnp Architecture: source Version: 0.16.3-1 Distribution: unstable Urgency: medium Maintainer: Daniel Kahn Gillmor <d...@fifthhorseman.net> Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net> Closes: 1034558 Changes: rnp (0.16.3-1) unstable; urgency=medium . * New upstream release, Closes: #1034558 - Fixes CVE-2023-29479 - Fixes CVE-2023-29480 * standards-version: bump to 4.6.2 (no changes needed) * drop unnecessary lintian overrides * d/copyright: include 2023 Checksums-Sha1: 594085c8fb5f4c2200c6cbb37f5c67d588a536e7 1572 rnp_0.16.3-1.dsc eab1b2fa97b9563170f2190952fb112983155576 2897854 rnp_0.16.3.orig.tar.gz a09d3d631c8b97e7b02e690ab76095cca7018953 8256 rnp_0.16.3-1.debian.tar.xz d32a5c6aa9f043a86dd53dfdbdd76bd336658847 17125 rnp_0.16.3-1_amd64.buildinfo Checksums-Sha256: 6a750a17b88b824a6ca82f7653c68237bd20c5d6b1763567e8557fae8fcc609f 1572 rnp_0.16.3-1.dsc 5c4951e46cc29524a9eae90378414f88e6e0b54b59a1f44c75101b9022835e96 2897854 rnp_0.16.3.orig.tar.gz c07a0999312ad20d9431e0fbfd27e1420c4e3008f9f5aefc657f4a148c75c863 8256 rnp_0.16.3-1.debian.tar.xz 6ff6c717a9a2fe380b685f443145ba12ad782fe19989331ebbd1ccd3e2a13255 17125 rnp_0.16.3-1_amd64.buildinfo Files: d7dc11e49e5073eaec7624e3d1f1e9b7 1572 utils optional rnp_0.16.3-1.dsc 2136b811ec79ad87388a5fe6585d228a 2897854 utils optional rnp_0.16.3.orig.tar.gz 80f16b9773ff430f5e2f07efa29f8341 8256 utils optional rnp_0.16.3-1.debian.tar.xz 7175ae672292ee4bbac103372f8c937a 17125 utils optional rnp_0.16.3-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCZG4crwAKCRA+nXFzcd5W XEPPAQCY5uvpGzAZeueMwqeIkvKZuZuCMQKOhCDIQFeK06A0GwD6A0RCY3+ianNs /J9IHLz0whDp6OFlRl5heI9LEx1HZg4= =tTdK -----END PGP SIGNATURE-----
--- End Message ---
