Your message dated Wed, 25 Jun 2014 05:03:39 +0000
with message-id <[email protected]>
and subject line Bug#752498: fixed in gnupg2 2.0.24-1
has caused the Debian Bug report #752498,
regarding gnupg2: CVE-2014-4617: DoS due to garbled compressed data packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
752498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752498
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnupg2
Version: 2.0.14-2
Severity: important
Tags: security upstream patch fixed-upstream
Hi

For reference in the BTS, gnupg 1.4.17 was released containing a fix for a
denial of service due to garbled compressed data packets[1], which also affects
the 2.x branch[2].

[1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb12f261135e3954f26e9e07b39e342

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 2.0.24-1
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[email protected]> (supplier of updated gnupg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Jun 2014 00:11:19 -0400
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg2 gpgv2
Architecture: source amd64
Version: 2.0.24-1
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <[email protected]>
Changed-By: Eric Dorland <[email protected]>
Description:
 gnupg-agent - GNU privacy guard - password agent
 gnupg2 - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm - GNU privacy guard - S/MIME version
 gpgv2 - GNU privacy guard - signature verification tool (new v2.x)
 scdaemon - GNU privacy guard - smart card support
Closes: 752498
Changes:
 gnupg2 (2.0.24-1) unstable; urgency=high
 .
   * New upstream release. Fixes CVE-2014-4617 "infinite loop when
     decompressing data packets". (Closes: #752498)
   * debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now
     upstreamed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---