Your message dated Mon, 16 Jun 2014 11:21:09 +0000
with message-id <[email protected]>
and subject line Bug#746758: fixed in ldns 1.6.17-4
has caused the Debian Bug report #746758,
regarding ldnsutils: CVE-2014-3209: ldns-keygen creates private key world
readable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
746758: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ldnsutils
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The ldns-keygen tool creates a keypair, one of which should be kept
private. The tool apparently use default access rights for all files,
leading to the private key being created world readable.
- Jonas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQF8BAEBCgBmBQJTZMh7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3NjQ4ODQwMTIyRTJDNTBFQzUxRDQwRTI0
RUMxQjcyMjM3NEY5QkQ2AAoJEE7BtyI3T5vW+QgIAJdT1+2r/0fOHcL1DXn/JkF+
EccUvBXSNjhnxmWJdmYGwosKzZt6aL4S1vxZPaBvhnINTAy0uDmjt3Ct75nft9GC
1hwYJl3IZRbmmHFadK5a1xKizD/NTz/ndB+fIbR+QjvYdmsUItWKL9226alzrheA
bCDI3RnFFeDFjjGVrxkCXEG59G5ZlWZrD95KhXVcxhM5B6qMZbgM/qU2Pis2eH18
3cz40jPTDAsw238Bvom86d9jX9n/NUJ2xS1GBAxdSt083VuwTivr0cVkE/lbvuA7
FLJiq/gfJXGOE42xXvtmTvsHAsZY8olF4vUSzmfkDODW78bpvzbRIgavxLRGUO8=
=PU+Q
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: ldns
Source-Version: 1.6.17-4
We believe that the bug you reported is fixed in the latest version of
ldns, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated ldns package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Jun 2014 11:40:18 +0200
Source: ldns
Binary: libldns1 libldns1-dbg libldns-dev ldnsutils python-ldns
Architecture: source amd64
Version: 1.6.17-4
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description:
ldnsutils - ldns library for DNS programming
libldns-dev - ldns library for DNS programming
libldns1 - ldns library for DNS programming
libldns1-dbg - ldns library for DNS programming (debug symbols)
python-ldns - Python bindings for the ldns library for DNS programming
Closes: 746758
Changes:
ldns (1.6.17-4) unstable; urgency=high
.
* [CVE-2014-3209]: fix ldns-keygen writing private DNSKEYs with default
umask (Closes: #746758)
Checksums-Sha1:
ec5dc314e871ac74c5a4cd2730dc4e9fcea4a2b9 2144 ldns_1.6.17-4.dsc
788fca5eba45b660d4c002288f132759cc613574 13088 ldns_1.6.17-4.debian.tar.xz
f6ee5dee692e081fedf9fa65fceb7d6365830314 153596 libldns1_1.6.17-4_amd64.deb
e92eb468c61a158c91bdb6b57a90f8e86d8802f7 270814 libldns1-dbg_1.6.17-4_amd64.deb
c9b1bf699c5e9b8c609fc40838e533edafeb9dd5 308538 libldns-dev_1.6.17-4_amd64.deb
6023b8025a433d791f0899e50f14538fa002f181 140728 ldnsutils_1.6.17-4_amd64.deb
1043d941909573bc9eea0adfad5449d1118f467f 179812 python-ldns_1.6.17-4_amd64.deb
Checksums-Sha256:
32caf94f6a93d26d71acf2f94a5fb77787136f6087d6297a07738e2213e903f0 2144
ldns_1.6.17-4.dsc
4d03f17721b5fc424e89c0948c4d8947b9c9a3f93f9a52e2f2b808435275e2f8 13088
ldns_1.6.17-4.debian.tar.xz
669b51860ac04544ffdc7eb0d252945882981ccbb4b4bff42322d35ef1a9b892 153596
libldns1_1.6.17-4_amd64.deb
8b7db6b78d70905bd17392bd462ed5d3feb85df8045d1d9bcc3e259af6047b5f 270814
libldns1-dbg_1.6.17-4_amd64.deb
469c972e17caaffc69e76f633ee4910f0c1d8b324d0025a0a64918427acd6fa2 308538
libldns-dev_1.6.17-4_amd64.deb
425c614b0446edc147b2afc4da0c5e455569fc96ffb0378cc45ba111e3ac3329 140728
ldnsutils_1.6.17-4_amd64.deb
5e59b4b0b161b42af3b03aa1390a0a1518e4ae3e6212b82930b1a3cd81c439f2 179812
python-ldns_1.6.17-4_amd64.deb
Files:
fe37214fbd3bee26b36795f6994507a1 153596 libs extra libldns1_1.6.17-4_amd64.deb
d1a9ea81f13971b1b8d3a1180e8540ab 270814 debug extra
libldns1-dbg_1.6.17-4_amd64.deb
917f077fa6cb92f720fb5343a5e9f0a3 308538 libdevel extra
libldns-dev_1.6.17-4_amd64.deb
b78d269d2c7c22aaa7ce381e8bae00e8 140728 net extra ldnsutils_1.6.17-4_amd64.deb
0755dbcdeb752b67d6c58b067f93f390 179812 python extra
python-ldns_1.6.17-4_amd64.deb
de126754f9cb8bf77dc6b9cab62fdd32 2144 net extra ldns_1.6.17-4.dsc
53eb32ba3a8e11fe4b4475a039acbf0d 13088 net extra ldns_1.6.17-4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJTns2xAAoJEAyZtw70/LsH+ssP/i0+Bo9PHsbNQRIO3CBO9IU/
+fwDme56orDhL3IwGt19R65FfjHw2RzUsiiuhpRIVlRDhTLV9w9M6TwI3vgn5t5j
R1ArDADfRCCjxPZGjylrJYtucIUiaUu6W7NAOte/jeYJrwmqrN5jKw0Os/Ziu9gj
a96SYr1IK+bX339RVy63eWSEwr9zmjTf9ZmVNSWFdMaB70p39koa5B4/GCHd8jbx
2JKeaun+OA9/bVt3GSM2nfB4UjZ3i5koOaV9YLWLaC1T5BqrF8LRTNGeNannK5Zj
n7DneKXmQaIqtv3B4+eNu1VJp+L1OV9zX3zmVWgpqd5A/yzdYuk0KkNm86X1UD7O
5LBcCIJnnD/1rHNgm2WDSnDhjRtC2SgsxI9V976IbgptmP1zWQYGGuAJIwuzVcH/
MOkObWaHTCYF1I7kiJCzP4X7jh9dJ8yQlrzowkm5q2PSIsOCyJSBPFVO51nYMMKs
0eqsCBO/MGef0wGu9tFY0NQFES5rNjRp3X3sZmgmda53qWtqlNFDN/vyeVl9XwL8
CgnNIIBHE9IcskeLUjSw9j5dngHEWkQCyjakwp4k9c8iScf09yqCZklnJsRrIZJ8
ys+1LsifH2avIoVoxZADbZZxm1JlZwjjXzgNxoiopUGstxljwm18VaRIWVC9SySP
SsSz3mgv2fNwNtRUc4Il
=Mq+3
-----END PGP SIGNATURE-----
--- End Message ---
