Your message dated Tue, 09 Jul 2013 15:33:23 +0000
with message-id <[email protected]>
and subject line Bug#714650: fixed in libzrtpcpp 2.3.4-1
has caused the Debian Bug report #714650,
regarding libzrtpcpp: CVE-2013-2221 CVE-2013-2222 CVE-2013-2223
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
714650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714650
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libzrtpcpp
Severity: grave
Tags: security
Hi,
please see here
http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html
This was fixed here:
https://github.com/wernerd/ZRTPCPP/commit/c8617100f359b217a974938c5539a1dd8a120b0e
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libzrtpcpp
Source-Version: 2.3.4-1
We believe that the bug you reported is fixed in the latest version of
libzrtpcpp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Purcell <[email protected]> (supplier of updated libzrtpcpp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 10 Jul 2013 00:55:55 +1000
Source: libzrtpcpp
Binary: libzrtpcpp-dev libzrtpcpp2
Architecture: source amd64
Version: 2.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <[email protected]>
Changed-By: Mark Purcell <[email protected]>
Description:
libzrtpcpp-dev - Headers and static link library for libzrtpcpp
libzrtpcpp2 - ccrtp extension for zrtp/Zfone support
Closes: 714650
Changes:
libzrtpcpp (2.3.4-1) unstable; urgency=medium
.
* New upstream release
- Fixes "CVE-2013-2221 CVE-2013-2222 CVE-2013-2223" (Closes: #714650)
Checksums-Sha1:
ea9b9a22f9b16061d5b245ba4ba0efd2c6ef099c 1569 libzrtpcpp_2.3.4-1.dsc
5c2f268519e83e288229acd2aa6d61137c32a8a9 257234 libzrtpcpp_2.3.4.orig.tar.gz
f73249bc211f34d47f9b435db79dfafd4138ffce 6077 libzrtpcpp_2.3.4-1.debian.tar.gz
3c4feab28e13a7a3e1191b14cb19ba876b0f4204 39808 libzrtpcpp-dev_2.3.4-1_amd64.deb
7fef599764ae531805d1dde85fa15314d78ea201 95124 libzrtpcpp2_2.3.4-1_amd64.deb
Checksums-Sha256:
ff1ebd92b4fc4e4ecf0455de6adcdad50aaac9fc762ded394c6435bd9403889e 1569
libzrtpcpp_2.3.4-1.dsc
03e5d4de487fd154177cf2b7a45600b1c8df783136e4f01a9ebc6104b3771008 257234
libzrtpcpp_2.3.4.orig.tar.gz
53555343b55c2d7a84580646041ed915b056584834d18f0b2ddaefb90b4809ad 6077
libzrtpcpp_2.3.4-1.debian.tar.gz
fdf50f6a1b287ed344bee34ff21da37bdb52acc948d7b0b76a62b8f5c38d504a 39808
libzrtpcpp-dev_2.3.4-1_amd64.deb
69e78d6953eae7af8c826bf12009ca21aca1ff8b38359b3d299828ff779791f6 95124
libzrtpcpp2_2.3.4-1_amd64.deb
Files:
96461a112bf022cbe732a441c2cf185d 1569 libs optional libzrtpcpp_2.3.4-1.dsc
3aac59472c5649736e24de30080e2efd 257234 libs optional
libzrtpcpp_2.3.4.orig.tar.gz
e83415d0129fdb2fd2bdc8246682849c 6077 libs optional
libzrtpcpp_2.3.4-1.debian.tar.gz
bcd86560561b6f7c53dd43548326e9cc 39808 libdevel optional
libzrtpcpp-dev_2.3.4-1_amd64.deb
fc3c8b45f65276f39d7d63fb9bccd799 95124 libs optional
libzrtpcpp2_2.3.4-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlHcJWYACgkQoCzanz0IthK+mACcDjOT79cQsMVsU6MyxW6NAOZX
jDIAn2SD8w5iiHI1hZbq7Pqz6TuGat6/
=qW95
-----END PGP SIGNATURE-----
--- End Message ---
