Your message dated Mon, 09 Dec 2024 15:19:49 +0000
with message-id <[email protected]>
and subject line Bug#993592: fixed in libgda5 5.2.10-5
has caused the Debian Bug report #993592,
regarding libgda5: CVE-2021-39359
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
993592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993592
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgda5
Version: 5.2.9-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libgda5.
CVE-2021-39359[0]:
| In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS
| certificate verification on the SoupSessionSync objects it creates,
| leaving users vulnerable to network MITM attacks. NOTE: this is
| similar to CVE-2016-20011.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-39359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39359
[1] https://gitlab.gnome.org/GNOME/libgda/-/issues/249
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgda5
Source-Version: 5.2.10-5
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libgda5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated libgda5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 09 Dec 2024 10:05:06 -0500
Source: libgda5
Built-For-Profiles: noudeb
Architecture: source
Version: 5.2.10-5
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 993592 1075169
Changes:
libgda5 (5.2.10-5) unstable; urgency=medium
.
[ Rebecca N. Palmer ]
* Allow building with gcc-14. (Closes: #1075169)
* Enable SSL certificate validation. (Closes: #993592)
.
[ Jeremy Bícha ]
* Bump Standards Version to 4.7.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
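
An added example, not code from libgda or from the Debian upload: a heuristic source audit for the pattern the CVE text names, legacy libsoup 2.x sessions created without certificate verification. The constructor and property names are libsoup 2.x's; the C sample it scans is constructed for illustration.

```python
import re

# libsoup 2.x names. The legacy SoupSessionSync/SoupSessionAsync types do
# not use the system CA store unless a property asks for it.
CTOR = re.compile(r"\bsoup_session_(?:sync|async)_new(?:_with_options)?\s*\(")
SETTER = re.compile(r"\bg_object_set\s*\(")
SYSTEM_CA = re.compile(
    r'(?:SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE|"ssl-use-system-ca-file")\s*,\s*TRUE\b')
OTHER_STORE = re.compile(
    r'SOUP_SESSION_(?:TLS_DATABASE|SSL_CA_FILE)\b|"(?:tls-database|ssl-ca-file)"')
STRICT_OFF = re.compile(r'(?:SOUP_SESSION_SSL_STRICT|"ssl-strict")\s*,\s*FALSE\b')
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out comments (keeping newlines and string literals intact)."""
    def repl(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return TOKEN.sub(repl, src)

def call_text(src, open_paren):
    """Return the parenthesised argument list starting at open_paren."""
    depth = 0
    for i in range(open_paren, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_paren:i + 1]
    return src[open_paren:]

def audit(src):
    """List (line, reason) for session constructors lacking verification."""
    src = strip_comments(src)
    # Heuristic: any g_object_set() in the file may configure the session.
    later = " ".join(call_text(src, m.end() - 1) for m in SETTER.finditer(src))
    findings = []
    for m in CTOR.finditer(src):
        props = call_text(src, m.end() - 1) + later
        line = src.count("\n", 0, m.start()) + 1
        if STRICT_OFF.search(props):
            findings.append((line, "ssl-strict disabled"))
        elif not (SYSTEM_CA.search(props) or OTHER_STORE.search(props)):
            findings.append((line, "no trust store configured"))
    return findings

SAMPLE = '''/* constructed sample, not libgda code */
SoupSession *a = soup_session_sync_new ();
SoupSession *b = soup_session_sync_new_with_options (
    SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL);
'''
if __name__ == "__main__": print(audit(SAMPLE))
```

Because the g_object_set() check is file-wide, a finding-free result still needs a manual look when a file creates more than one session.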