Your message dated Mon, 17 Feb 2014 22:02:04 +0000 with message-id <[email protected]> and subject line Bug#738134: fixed in parcimonie 0.7.1-1+deb7u1 has caused the Debian Bug report #738134, regarding parcimonie: CVE-2014-1921: possible correlation between key fetches to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
738134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: parcimonie

Hi intri,

I've been running parcimonie --verbose and in each loop it's telling me:

Using 104.425551854823 seconds as average sleep time.
[...]
Will now sleep 600 seconds.

I haven't actually measured the times myself, but it seems it's always sleeping exactly 10min?!?

That probably matches the design, but not the user expectations... :-)

I also think this bug should be severity "important" as it breaks one of the two main features of parcimonie (random sleep & change of tor circuit between each key update). But then I don't know how many users are affected by this bug, I do have *lots* of keys in my keyring.

cheers,
Holger
--- End Message ---
--- Begin Message ---
Source: parcimonie
Source-Version: 0.7.1-1+deb7u1

We believe that the bug you reported is fixed in the latest version of parcimonie, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
intrigeri <[email protected]> (supplier of updated parcimonie package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Feb 2014 01:04:20 CET
Source: parcimonie
Binary: parcimonie
Architecture: source all
Version: 0.7.1-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: intrigeri <[email protected]>
Changed-By: intrigeri <[email protected]>
Description:
 parcimonie - privacy-friendly helper to refresh a GnuPG keyring
Closes: 738004 738134
Changes:
 parcimonie (0.7.1-1+deb7u1) wheezy-security; urgency=high
 .
   * Cherry-pick two upstream patches:
     - Sleep a random amount of time if the computed random sleep time
       is too low (CVE-2014-1921, Closes: #738134).
     - Clarify lapse time with large number of keys (Closes: #738004).
     Thanks Holger Levsen <[email protected]> for the bug reports!
--- End Message ---
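
The failure mode reported above and the fix named in the changelog, modelled as an added example (this is not parcimonie's code, which is written in Perl). Only the 104.43 s average and the 600 s sleep come from the report; the exponential draw, the `FLOOR + uniform(0, FLOOR)` fallback and the 6000 s small-keyring average are assumptions made for illustration.

```python
import random
import statistics

FLOOR = 600.0  # seconds: the "Will now sleep 600 seconds" value from the report

def draw(average, rng):
    # Assumption: sleep times are drawn from an exponential distribution
    # whose mean is the reported "average sleep time".
    return rng.expovariate(1.0 / average)

def sleep_clamped(average, rng):
    """Reported behaviour: a draw below the floor becomes exactly the floor."""
    return max(FLOOR, draw(average, rng))

def sleep_randomized(average, rng):
    """Changelog fix as modelled here: a too-low draw is replaced by a
    random time (assumed range: FLOOR up to 2 * FLOOR)."""
    drawn = draw(average, rng)
    return drawn if drawn >= FLOOR else FLOOR + rng.uniform(0.0, FLOOR)

def simulate(policy, average, rounds=2000, seed=1):
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    return [policy(average, rng) for _ in range(rounds)]

def fraction_at_floor(sleeps):
    """Share of fetch intervals that are exactly FLOOR, i.e. predictable."""
    return sum(1 for s in sleeps if s == FLOOR) / len(sleeps)

if __name__ == "__main__":
    big = 104.425551854823   # average from the report (large keyring)
    small = 6000.0           # constructed value for a small keyring
    cases = [("clamped, large keyring", sleep_clamped, big),
             ("clamped, small keyring", sleep_clamped, small),
             ("randomized, large keyring", sleep_randomized, big)]
    for name, policy, avg in cases:
        s = simulate(policy, avg)
        print(f"{name}: {fraction_at_floor(s):.1%} at floor, "
              f"stdev {statistics.pstdev(s):.1f}s")
```

With a large keyring the clamped policy turns nearly every interval into the same constant, which is what makes successive key fetches correlatable; a small keyring rarely hits the floor, which is why the report depends on keyring size.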

