Your message dated Sun, 06 Nov 2016 19:32:09 +0000
with message-id <[email protected]>
and subject line Bug#832983: fixed in nettle 2.7.1-5+deb8u2
has caused the Debian Bug report #832983,
regarding nettle: CVE-2016-6489
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
832983: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832983
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nettle
Version: 3.2-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for nettle.

CVE-2016-6489[0]:
RSA code is vulnerable to cache sharing related attacks

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6489
[1] https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
[2] https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nettle
Source-Version: 2.7.1-5+deb8u2

We believe that the bug you reported is fixed in the latest version of
nettle, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Magnus Holmgren <[email protected]> (supplier of updated nettle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 05 Nov 2016 17:37:13 +0100
Source: nettle
Binary: libnettle4 libhogweed2 nettle-dev nettle-bin nettle-dbg
Architecture: source amd64
Version: 2.7.1-5+deb8u2
Distribution: stable
Urgency: medium
Maintainer: Magnus Holmgren <[email protected]>
Changed-By: Magnus Holmgren <[email protected]>
Description:
 libhogweed2 - low level cryptographic library (public-key cryptos)
 libnettle4 - low level cryptographic library (symmetric and one-way cryptos)
 nettle-bin - low level cryptographic library (binary tools)
 nettle-dbg - low level cryptographic library (debugging symbols)
 nettle-dev - low level cryptographic library (development files)
Closes: 832983
Changes:
 nettle (2.7.1-5+deb8u2) stable; urgency=medium
 .
   * [SECURITY] cve-2016-6489.patch: Protect against potential side-channel
     attacks against exponentiation operations as described in
     CVE-2016-6489 "RSA code is vulnerable to cache sharing related
     attacks" (Closes: #832983).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
