Bug#749903: marked as done (libduo3: duo_unix must be upgraded to 1.9.6+ by June 30, 2014)

Thu, 12 Jun 2014 00:37:27 -0700 

Your message dated Thu, 12 Jun 2014 07:32:04 +0000
with message-id <[email protected]>
and subject line Bug#749903: fixed in duo-unix 1.8.1-1~deb7u1
has caused the Debian Bug report #749903,
regarding libduo3: duo_unix must be upgraded to 1.9.6+ by June 30, 2014
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
749903: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749903
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libduo3
Version: 1.8-1
Severity: normal

Dear Maintainer,

yesterday I got an email from Duo Security Support saying:

"To ensure your Duo-protected services remain operational, you must
upgrade the Duo integration software associated with each affected
service by June 30, 2014."

"Every integration communicates with Duo’s service over SSL. Several
integrations add an additional layer of protection to SSL by
implementing Certificate Authority (CA) pinning. Due to changes in
agreements between certificate authorities and evolving best practices
in the industry, Duo is updating our list of trusted certificates.

Our old list will no longer be supported by certificate authorities in
July 2014. The new list also contains stronger certificates for
increased resilience against attack."

https://www.duosecurity.com/docs/integration_certification_upgrade

Maybe you could just backport libduo3 1.9.6-1 from jessie to wheezy?
Many thanks in advance! :)


-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libduo3 depends on:
ii  libc6              2.13-38+deb7u1
ii  libpam0g           1.1.3-7.1
ii  libssl1.0.0        1.0.1e-2+deb7u9
ii  multiarch-support  2.13-38+deb7u1

libduo3 recommends no packages.

libduo3 suggests no packages.

-- no debconf information


--
Mit freundlichen Grüßen,

Jörg Ludwig

IServ GmbH
Bültenweg 73
38106 Braunschweig

Telefon:     0531-2243666-0
Fax:         0531-2243666-9
Mobil:       0179-9101055
E-Mail:      [email protected]
Internet:    www.iserv.eu
USt.-IdNr.:  DE265149425

--- End Message ---
--- Begin Message --- 
Source: duo-unix
Source-Version: 1.8.1-1~deb7u1

We believe that the bug you reported is fixed in the latest version of
duo-unix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kees Cook <[email protected]> (supplier of updated duo-unix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Jun 2014 16:15:34 -0700
Source: duo-unix
Binary: libpam-duo login-duo libduo3 libduo-dev
Architecture: source amd64
Version: 1.8.1-1~deb7u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Kees Cook <[email protected]>
Changed-By: Kees Cook <[email protected]>
Description: 
 libduo-dev - Duo Security development libraries and header files
 libduo3    - Duo Security library
 libpam-duo - PAM module for Duo Security two-factor authentication
 login-duo  - login wrapper for Duo Security two-factor authentication
Closes: 749903
Changes: 
 duo-unix (1.8.1-1~deb7u1) stable-proposed-updates; urgency=medium
 .
   * New upstream micro release.
     - Fixes user-agent and certificate chain (Closes: 749903).
Checksums-Sha1: 
 9fee51485ef3e3eab4d4b827fce3ff66098baff8 1929 duo-unix_1.8.1-1~deb7u1.dsc
 3f5e930761f15a71923666d14cd9086314cbb445 446534 duo-unix_1.8.1.orig.tar.gz
 49ba70addcfc3ed4a95628a6b08abb6ddf35914e 9388 
duo-unix_1.8.1-1~deb7u1.debian.tar.gz
 7892e874988e252c560b4085a7b0039cf41397ed 16278 
libpam-duo_1.8.1-1~deb7u1_amd64.deb
 134cba2003950ff098576fdd06067af588b791e7 18102 
login-duo_1.8.1-1~deb7u1_amd64.deb
 277991931d00706e7edda2e520a61b1cb4960486 43276 libduo3_1.8.1-1~deb7u1_amd64.deb
 41cd03209771a35688f146c61b4950a67880b24e 7312 
libduo-dev_1.8.1-1~deb7u1_amd64.deb
Checksums-Sha256: 
 e7a73801d424f50aa339927ee705bb78459d105a6c0e0a46a06922bb3b4f2234 1929 
duo-unix_1.8.1-1~deb7u1.dsc
 b2f02dadbc8ab8abea4e7c7a6b848c326180163736ee1df0c8ad6d7e99d22a9b 446534 
duo-unix_1.8.1.orig.tar.gz
 a1d54c746a5a91490b4c48f9a0763d07d2d2a48b43d6afdf0a438c2e552dc761 9388 
duo-unix_1.8.1-1~deb7u1.debian.tar.gz
 b87110d4a57a3e1bdb68386e77e395a4b14fad1ea8df2accbf7987476271ad84 16278 
libpam-duo_1.8.1-1~deb7u1_amd64.deb
 39428c9436130b9b2c9f4e84ecdf86211e11ffe66af0ce4a24384bb75036c0b7 18102 
login-duo_1.8.1-1~deb7u1_amd64.deb
 47a5f9a5cd53fd53a67d9e28448cacda6ee638c1300d46b724376d0c829267bb 43276 
libduo3_1.8.1-1~deb7u1_amd64.deb
 5353315aa83577439a29473119364204f59ae90a0c66f2c838d3c5d7c59ce4da 7312 
libduo-dev_1.8.1-1~deb7u1_amd64.deb
Files: 
 b34f09b2398790baf923c4b26bc9b8ba 1929 libs extra duo-unix_1.8.1-1~deb7u1.dsc
 27758050456157496c8f0d331834cf8e 446534 libs extra duo-unix_1.8.1.orig.tar.gz
 8438ec2b0631ec63092ad91f294294f5 9388 libs extra 
duo-unix_1.8.1-1~deb7u1.debian.tar.gz
 100164f41d465d899878be2e508e62c7 16278 libs extra 
libpam-duo_1.8.1-1~deb7u1_amd64.deb
 f7ea8683d4615deb7a7ad51d7e9c37cc 18102 admin extra 
login-duo_1.8.1-1~deb7u1_amd64.deb
 01d542768f04768df46b288ad46e07b2 43276 libs extra 
libduo3_1.8.1-1~deb7u1_amd64.deb
 653973ae29ac82be269145743527ca97 7312 libdevel extra 
libduo-dev_1.8.1-1~deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Kees Cook <[email protected]>

iQIcBAEBCgAGBQJTmOqaAAoJEIly9N/cbcAmGfgP+gOYRihJCSPH6NdjIB10sVud
gSMnzQQHXWvhG9ysfU5s1KkgLAPY5owCOm54VN4AYC6bQtMaTMrBAJ21yZYCu0Uw
z5+Gy2euuIusONAkwAyyDF8PolyHHxad+PFEm6wt0JbTuiLTlWmYHjya0r00Lpml
IXSjfVaomor9EnWpD9u4lV/7IwL5EW4aSEoab0QZr2wxrMrNKI0DzfVcHk5hKqjH
lqePYmd2PmVs0zS640EV9u5YV7IVoZnaw/VyzVfKD4uz74CtFnnRTRySwrdJB/tU
2lh/MHYgCqz+Z3wJ4sc0I1vkmXwabQ6WEl5GuqTFNb0SHTVxRS8H9aq6esm82wNS
Tr/eYiLUzfFs6lSw07y66+cx/qfjqVGq2qlhjk+CARGd0m4QKZ6DFHSnPALk7WfP
yKC+m3cYdBsJrwFpyscPVyvJjk28LEqV4/o0/YjwSBBz7WMJzR6ZDuu8qliNueHX
Wr10Dtj5sHGKePRsYVgmxpKYBp66u6dv7TiF8uBf+l/xmPnVA4QGjHPRJMrRG2dc
IiJC7wy7wWsHHOcj28fmheZ7jS/B0yWHTvkhl5rrtZBFgjZgFcDKIxHdP7xNNENw
Q9/xn/5yCHuu9/yqUXG7zaIh0sWqtekFAM1fw8xKUdxVi80cV9h35auInLwDbwXw
PRmIjEjXe/Qhio90cxb+
=cPkU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to