wolfssl: CVE-2017-2800 / TALOS-2017-0293

Related Vulnerabilities: CVE-2017-2800   CVE-2017-8855  

Debian Bug report logs - #862154

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 9 May 2017 06:51:01 UTC

Severity: grave

Tags: security, upstream

Found in version wolfssl/3.10.2+dfsg-2

Fixed in version wolfssl/3.12.0+dfsg-1

Done: Felix Lechner <felix.lechner@lease-up.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>:
Bug#862154; Package src:wolfssl. (Tue, 09 May 2017 06:51:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>. (Tue, 09 May 2017 06:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wolfssl: CVE-2017-2800 / TALOS-2017-0293
Date: Tue, 09 May 2017 08:49:52 +0200
Source: wolfssl
Version: 3.10.2+dfsg-2
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for wolfssl.

CVE-2017-2800[0]:
No description was found (try on a search engine)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2800
[1] http://www.talosintelligence.com/reports/TALOS-2017-0293/

Regards,
Salvatore



Reply sent to Felix Lechner <felix.lechner@lease-up.com>:
You have taken responsibility. (Sun, 27 Aug 2017 12:03:20 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 27 Aug 2017 12:03:20 GMT)


Message #10 received at 862154-close@bugs.debian.org:

From: Felix Lechner <felix.lechner@lease-up.com>
To: 862154-close@bugs.debian.org
Subject: Bug#862154: fixed in wolfssl 3.12.0+dfsg-1
Date: Sun, 27 Aug 2017 12:00:45 +0000
Source: wolfssl
Source-Version: 3.12.0+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 862154@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Lechner <felix.lechner@lease-up.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 13 Aug 2017 21:00:54 -0700
Source: wolfssl
Binary: libwolfssl12 libwolfssl-dev
Architecture: source amd64
Version: 3.12.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lechner@lease-up.com>
Changed-By: Felix Lechner <felix.lechner@lease-up.com>
Description:
 libwolfssl-dev - Development files for the wolfSSL encryption library
 libwolfssl12 - wolfSSL encryption library
Closes: 862154 870170
Changes:
 wolfssl (3.12.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
   * Shared object version is now 12
   * CVE-2017-2800 was fixed in 3.11.0 (Closes: #862154)
   * CVE-2017-8855 was fixed in 3.11.0 (Closes: #870170)
   * Removed "--with-sha224" from rules; now included in "--enable-distro"
   * Cannot override lintian for missing upstream signature; source was
     repackaged (DFSG)
   * Removed unnecessary Build-Depends: dh-autoreconf
   * Removed unnecessary Build-Depends: autotools-dev
   * Updated to Standards-Version: 4.0.0




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Sep 2017 07:29:43 GMT)

