python-hpack: CVE-2016-6581

Related Vulnerabilities: CVE-2016-6581  

Debian Bug report logs - #833467

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 4 Aug 2016 18:09:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version python-hpack/2.2.0-1

Fixed in version python-hpack/2.3.0-1

Done: Sebastien Delafond <seb@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastien Delafond <seb@debian.org>:
Bug#833467; Package src:python-hpack. (Thu, 04 Aug 2016 18:09:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastien Delafond <seb@debian.org>. (Thu, 04 Aug 2016 18:09:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-hpack: CVE-2016-6581
Date: Thu, 04 Aug 2016 20:05:42 +0200
Source: python-hpack
Version: 2.2.0-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for python-hpack.

CVE-2016-6581[0]:
HPACK Bomb

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6581
[1] https://github.com/python-hyper/hpack/pull/56

Regards,
Salvatore



Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Sat, 06 Aug 2016 16:27:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 06 Aug 2016 16:27:04 GMT)


Message #10 received at 833467-close@bugs.debian.org:

From: Sebastien Delafond <seb@debian.org>
To: 833467-close@bugs.debian.org
Subject: Bug#833467: fixed in python-hpack 2.3.0-1
Date: Sat, 06 Aug 2016 16:22:34 +0000
Source: python-hpack
Source-Version: 2.3.0-1

We believe that the bug you reported is fixed in the latest version of
python-hpack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 833467@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated python-hpack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Aug 2016 08:28:46 -0700
Source: python-hpack
Binary: python-hpack python3-hpack
Architecture: source all
Version: 2.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Sebastien Delafond <seb@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description:
 python-hpack - Pure-Python HTTP/2 header encoding (HPACK)
 python3-hpack - Pure-Python3 HTTP/2 header encoding (HPACK)
Closes: 833467
Changes:
 python-hpack (2.3.0-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.3.0 (Closes: #833467, CVE-2016-6581)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Sep 2016 08:03:09 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:22:03 2019; Machine Name: buxtehude
