wolfssl: CVE-2017-13099

Related Vulnerabilities: CVE-2017-13099  

Debian Bug report logs - #884235

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 12 Dec 2017 20:27:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version wolfssl/3.12.2+dfsg-1

Fixed in version wolfssl/3.13.0+dfsg-1

Done: Felix Lechner <felix.lechner@lease-up.com>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/wolfSSL/wolfssl/pull/1229



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>:
Bug#884235; Package src:wolfssl. (Tue, 12 Dec 2017 20:27:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>. (Tue, 12 Dec 2017 20:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wolfssl: CVE-2017-13099
Date: Tue, 12 Dec 2017 21:26:01 +0100
Source: wolfssl
Version: 3.12.2+dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/wolfSSL/wolfssl/pull/1229

Hi,

the following vulnerability was published for wolfssl.

CVE-2017-13099[0]:
| ROBOT attack / Fix handling of static RSA padding failures.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13099
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13099
[1] https://github.com/wolfSSL/wolfssl/pull/1229

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 18 Dec 2017 17:06:35 GMT)


Reply sent to Felix Lechner <felix.lechner@lease-up.com>:
You have taken responsibility. (Sat, 23 Dec 2017 00:03:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 23 Dec 2017 00:03:04 GMT)


Message #12 received at 884235-close@bugs.debian.org:

From: Felix Lechner <felix.lechner@lease-up.com>
To: 884235-close@bugs.debian.org
Subject: Bug#884235: fixed in wolfssl 3.13.0+dfsg-1
Date: Sat, 23 Dec 2017 00:00:09 +0000
Source: wolfssl
Source-Version: 3.13.0+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 884235@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Lechner <felix.lechner@lease-up.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 21 Dec 2017 15:43:45 -0800
Source: wolfssl
Binary: libwolfssl15 libwolfssl-dev
Architecture: source amd64
Version: 3.13.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lechner@lease-up.com>
Changed-By: Felix Lechner <felix.lechner@lease-up.com>
Description:
 libwolfssl-dev - Development files for the wolfSSL encryption library
 libwolfssl15 - wolfSSL encryption library
Closes: 884235
Changes:
 wolfssl (3.13.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
   * Fixes "robot attack" CVE-2017-13099 (Closes: #884235)
   * New major number 15
   * Set Standards-Version: 4.1.2
   * Improved clean target for repeated builds




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 25 Jan 2018 07:27:43 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:09:31 2019; Machine Name: beach
