Your message dated Sun, 29 Jun 2014 19:17:06 +0000
with message-id <[email protected]>
and subject line Bug#752497: fixed in gnupg 1.4.12-7+deb7u4
has caused the Debian Bug report #752497,
regarding gnupg: CVE-2014-4617: DoS due to garbled compressed data packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
752497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnupg
Version: 1.4.10-4
Severity: important
Tags: security upstream fixed-upstream
Hi
For reference in the BTS, gnupg 1.4.17 was released containing a fix
for a denial of service due to garbled compressed data packets[1].
[1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.12-7+deb7u4
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jun 2014 11:21:36 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 752497
Changes:
gnupg (1.4.12-7+deb7u4) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2014-4617: Avoid DoS due to garbled compressed data packets.
Apply upstream commit to stop a possible DoS using garbled compressed
data packets which can be used to put gpg into an infinite loop.
(Closes: #752497)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---