Your message dated Sat, 19 Dec 2020 13:18:50 +0000 with message-id <e1kqc8i-000b4s...@fasolo.debian.org> and subject line Bug#969530: fixed in rsync 3.2.3-3 has caused the Debian Bug report #969530, regarding rsync: CVE-2020-14387 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 969530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969530 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: rsync Version: 3.2.3-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.2.0-1 Hi, The following vulnerability was published for rsync. CVE-2020-14387[0]: | rsync-ssl does not verify the hostname in the server certificate | when using openssl If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-14387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14387 [1] https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1875549 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: rsync Source-Version: 3.2.3-3 Done: Samuel Henrique <samuel...@debian.org> We believe that the bug you reported is fixed in the latest version of rsync, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 969...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Samuel Henrique <samuel...@debian.org> (supplier of updated rsync package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 19 Dec 2020 12:48:33 +0000 Source: rsync Architecture: source Version: 3.2.3-3 Distribution: unstable Urgency: high Maintainer: Paul Slootman <p...@debian.org> Changed-By: Samuel Henrique <samuel...@debian.org> Closes: 969530 Changes: rsync (3.2.3-3) unstable; urgency=high . * d/p/CVE-2020-14387.patch: New patch to fix an openssl related CVE (closes: #969530, CVE-2020-14387) Checksums-Sha1: 86c1b143ccd986316fc125a95f65b2cc4a2939ef 2231 rsync_3.2.3-3.dsc b5e3b487544a2d46472a05f31b7bd8f5e10c237e 24380 rsync_3.2.3-3.debian.tar.xz 0ecd4174d6e7f3c730bc1241757dd1a5ae7b1d46 6373 rsync_3.2.3-3_amd64.buildinfo Checksums-Sha256: 97e505afd38a2fd0a1abbfe6fd19e9dafa8fbd59aad7d2b9bbe134ebd6bb3ede 2231 rsync_3.2.3-3.dsc e86ac32c48d7b51fe4ed50c10f3b091c7405cc2e343975ba8b1d80073c71a1a4 24380 rsync_3.2.3-3.debian.tar.xz 1ef3d4cbb0043b3a31764183be2a1a3b10f93a8cc834922507fe21a5d403b4df 6373 rsync_3.2.3-3_amd64.buildinfo Files: e9ae7ca62675f61344eccc8690b5ba8e 2231 net optional rsync_3.2.3-3.dsc e2639f935af1c5fb0692d6f45fc4fcb1 24380 net optional rsync_3.2.3-3.debian.tar.xz 504cd5cfdf8a6beb6716011ff6e21c69 6373 net optional rsync_3.2.3-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAl/d+Y0ACgkQu6n6rcz7 RwcrlQ//Y9EJyMyyghN0NET0MiYmqdLMsar8Nm+aC0qPlsTj/o4Vq+iLtqIDnEju RcjV0TilBoO8WzjUKgQ33efQBdyieKZcMarzc7ELpdGjKmDbtfuz7oMUAFS4Nyue mKz60BCzzcsUJzL22WmbFS5rby6Y4+jjn+vi7+woArceOboMtsqMkLOqN0gbz+G7 OYTBGXYnBaaGPvtzf+7J2jVG8wLo089XhTtoJQR11Yh/NNpflGFEJhxDwXem7VPp pXrv9oFa05+g3eO529w1FqUMgGHmPYiWcgCL7ypnCOUE+9WJORp3y8yOJDfFErRz fHUKRIzyGUY+IAWssaZIZLzyLNNwRAJBksubQOa2IgLOujusUZuq1GrHW1jDLGsO jZXiuiv+egz7lxRXGKtsqLuccrAkr7l5mbINiHiHTvScm3V7cCGzzD2yjxcgVTcL 82cTh7Jen4l87l9q63i8S982P4dmxBqHiYRJlcfRu++QKO6WCM5G+GnvY17an9ga HUyhoEogO9Mak/hPF7setIQGleKRZN414w3zebjNadY5sAMSNs6Gratq0S60Ui/u jdrZX6us7zV2XVRL4oPvV7GohWrKkoqMH4Dc145586pJcOXilVHLqkPjn6ZoF1NZ ExVMO1bPhr1JLjn18jGIIek71iOQ7VYxpP+3FC49k1qTaxsoEfg= =J7Cm -----END PGP SIGNATURE-----
--- End Message ---
