Your message dated Mon, 30 Jun 2014 19:33:35 +0000
with message-id <[email protected]>
and subject line Bug#752497: fixed in gnupg 1.4.10-4+squeeze5
has caused the Debian Bug report #752497,
regarding gnupg: CVE-2014-4617: DoS due to garbled compressed data packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
752497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnupg
Version: 1.4.10-4
Severity: important
Tags: security upstream fixed-upstream
Hi
For reference it the BTS, gnupg 1.4.17 was released containing a fix
for a denial of service due to garbled compressed data packets[1].
[1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
[2]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.10-4+squeeze5
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jun 2014 15:41:56 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb
Architecture: source amd64
Version: 1.4.10-4+squeeze5
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian GnuPG-Maintainers <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
Closes: 752497
Changes:
gnupg (1.4.10-4+squeeze5) squeeze-lts; urgency=high
.
* CVE-2014-4617: Avoid DoS due to garbled compressed data packets.
Apply upstream commit to stop a possible DoS using garbled compressed
data packets which can be used to put gpg into an infinite loop.
(Closes: #752497)
Checksums-Sha1:
9601a33b655a5da51ac2038a7cf20c117f5d6f5b 2068 gnupg_1.4.10-4+squeeze5.dsc
8c443439c132595d82e6b23f0b2e6a051f34912b 40589 gnupg_1.4.10-4+squeeze5.diff.gz
a0029f20d957e951e4ea0f2a85168f661c207d8d 2148580
gnupg_1.4.10-4+squeeze5_amd64.deb
c00bcc0e5eb0e6e5852fa2e2b327b3a426ca4b0d 75106
gnupg-curl_1.4.10-4+squeeze5_amd64.deb
523f1e11d441ec38ce70415b755484f8c24da997 222448
gpgv_1.4.10-4+squeeze5_amd64.deb
23f1960d8c90f73550fa1697e0acadc9745ff838 413540
gnupg-udeb_1.4.10-4+squeeze5_amd64.udeb
31267fe56f25a9f2ab08c1cb7193d4e8d4fd4e2d 149800
gpgv-udeb_1.4.10-4+squeeze5_amd64.udeb
Checksums-Sha256:
b545ffca30b7e19772a9ce07eef9a6a618051efa3dc9860ca4e4573e238af204 2068
gnupg_1.4.10-4+squeeze5.dsc
0c66b8b45d86a139a7c7a6c6a12542d553022263f95ba33d0f1e07dd50342c13 40589
gnupg_1.4.10-4+squeeze5.diff.gz
42c18a4f4b66582fc3ee4c5a5db251567b8c928e01bfb3045cd1a86a49ae1874 2148580
gnupg_1.4.10-4+squeeze5_amd64.deb
f419265f651717fd5eab1e1e307f537a593da1d0864e2333e959ae66fb08d8c0 75106
gnupg-curl_1.4.10-4+squeeze5_amd64.deb
5cabcd49692b5dd3d28d3a6b2d5c8c029107488a6207143138d9372a7886ce66 222448
gpgv_1.4.10-4+squeeze5_amd64.deb
8f23c47a509ea0ad55327b0a9fd25d9aa1cd52c3d3a22134547616bfb7d8d904 413540
gnupg-udeb_1.4.10-4+squeeze5_amd64.udeb
29204182226383af437ff769b9e8ce9ad41cba2f67afc0f80ab43d5114c6b3b6 149800
gpgv-udeb_1.4.10-4+squeeze5_amd64.udeb
Files:
b1f0d511958851d449d4d774d78a7c9e 2068 utils important
gnupg_1.4.10-4+squeeze5.dsc
2a460bb5832f45358c76471d89720ad2 40589 utils important
gnupg_1.4.10-4+squeeze5.diff.gz
cb9e2004a52270f0af314515b46eae56 2148580 utils important
gnupg_1.4.10-4+squeeze5_amd64.deb
02edfbb7fd3e7b675311f74d8f3e8e88 75106 utils optional
gnupg-curl_1.4.10-4+squeeze5_amd64.deb
4a42643fcc70640d8550b31b4afc649e 222448 utils important
gpgv_1.4.10-4+squeeze5_amd64.deb
80fd89d1809f037150d6c7eaa6c870de 413540 debian-installer extra
gnupg-udeb_1.4.10-4+squeeze5_amd64.udeb
4fe9755d6e601323c98477e20dec3132 149800 debian-installer extra
gpgv-udeb_1.4.10-4+squeeze5_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJTsbfKAAoJEAVMuPMTQ89EcNwP/RUUjETBQ5ZGIdgiOlsYbz7a
z/B5nd6IlJNW96gDkzWk5SvUk4xwPvcmabSY3WTUtgrcJUT2WHK+Wiizd2UTPhtb
p03qAukWRt0fHnJErALEuuN+bMHmxnhHM0ZRVEUaVAdNCkzPZnMho+BWd2B2tD36
+ABbKACdzIbEGoAo8Pg6DsvLKPDNPrVXjq00oUERVDM7eCCDxjVwcy+dYE+52gJX
FBEe8On3aBHLKWuJ7NVNPtnYbLkjCkSCjYXQWwY1Ljp4HHTZP1hoPozYG+c7lO85
m50ClB9fXhCHs5FDXiW+eaUI6zyn02w4LaZYByAdL5hcd47QMytES/qhNzWBc+UC
ZoFXE8QlLXguI5FxcPtBkgnLGVOjz0dqVGyhM0ZjYpwgIP7nCKQkiHxK13/CeHSy
hCVgkJMX4eUGJpytp+FU9hzfoBm7WbIjr2QnSVIW9a6K7+wmdF18BL9G/1hMkXzB
+mXqsfiF3Vd3scSwk2/d8VJUvssAntWubbtmmlnVKw0BHYqKO1PTettWfDyPQvj3
TBzdEZXyv5xk1iih98NaA8IKgGaPUgASf2h1L6++KpfOMcStNIfaHezYIlTGIrJC
XB7scST++sRZjpKHDtZtANpJNQ0RPRpVa6ZgW1dTZKo6UPfsIZO6RFhoctjEfi+o
+JBwaGQHVSz6+RiIdxKP
=XUtj
-----END PGP SIGNATURE-----
--- End Message ---
