Bug#787137: marked as done ("Logjam" security notes.)

2019-07-08 Thread Debian Bug Tracking System
Your message dated Mon, 08 Jul 2019 11:52:58 +0200
with message-id <87y318ettx@arioch.leonhardt.eu>
and subject line Re: "Logjam" security notes.
has caused the Debian Bug report #787137,
regarding "Logjam" security notes.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
787137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: pound
Version: 2.6-6.1

I did some checking with the site: https://www.ssllabs.com/ssltest/

This highlighted a couple of issues.

1) The new "Logjam" issue has made 1024-bit DH keys problematic. Pound will
normally use an "uncommon" prime so it's probably not insecure, but it's 
not completely certain as Debian uses binary packages.


2) Pound does NOT support ECDHE-based key exchange at all. OpenSSL does,
but it needs more configuration to enable it. From my recent reading it 
appears that this is now the preferred protocol both because it's faster 
than a secure DHE and it's possibly more secure.



Both these changes are now in the upstream version 2.7 so I'm requesting a 
refresh. Hopefully into stable as they are significant security issues 
even if they are not immediate threats.



--
Rob.  (Robert de Bath )
 
--- End Message ---
--- Begin Message ---
Version: 2.7-1

As stated in the bug report, the bug was addressed with pound 2.7.

Thank you for the report.
--- End Message ---


Bug#787137: marked as done ("Logjam" security notes.)

2018-02-23 Thread Debian Bug Tracking System
Your message dated Sat, 24 Feb 2018 04:36:04 +
with message-id 
and subject line Bug#891248: Removed package(s) from unstable
has caused the Debian Bug report #787137,
regarding "Logjam" security notes.
to be marked as done.

--- Begin Message ---
Version: 2.7-1.3+rm

Dear submitter,

as the package pound has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/891248

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---