Your message dated Thu, 09 Jul 2015 21:34:43 +0000
with message-id <e1zdjst-0001ss...@franck.debian.org>
and subject line Bug#791957: fixed in apache-directory-api 1.0.0~M20-3
has caused the Debian Bug report #791957,
regarding apache-directory-api: CVE-2015-3250
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
791957: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791957
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache-directory-api
Version: 1.0.0~M20-1
Severity: important
Tags: security upstream fixed-upstream
Hi Emmanuel,
the following vulnerability was published for apache-directory-api,
filling a bug in the BTS to have it documented. AFAICS no much
information but it is fixed in new upstream version 1.0.0~M31. Could
you update the package to it?
CVE-2015-3250[0]:
timing attack vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3250
[1] http://www.openwall.com/lists/oss-security/2015/07/07/5 (note
there was a typo in the CVE referenced there)
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: apache-directory-api
Source-Version: 1.0.0~M20-3
We believe that the bug you reported is fixed in the latest version of
apache-directory-api, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 791...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated apache-directory-api
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 09 Jul 2015 23:07:02 +0200
Source: apache-directory-api
Binary: libapache-directory-api-java
Architecture: source all
Version: 1.0.0~M20-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
libapache-directory-api-java - Apache Directory LDAP API
Closes: 791957
Changes:
apache-directory-api (1.0.0~M20-3) unstable; urgency=medium
.
* Fixed CVE-2015-3050: Timing Attack vulnerability (Closes: #791957)
Checksums-Sha1:
55aac573819d7404ea06fa22ffbad9ce4155310a 2445
apache-directory-api_1.0.0~M20-3.dsc
775948de97e40f9ae6370ad9ee21091c3a9aceee 6460
apache-directory-api_1.0.0~M20-3.debian.tar.xz
fd465fa8653497001b88465d2eda2932a24f5f94 2113946
libapache-directory-api-java_1.0.0~M20-3_all.deb
Checksums-Sha256:
31e5114ce0a0888575465c95eb7c7345bc11890b086aa2dd3fd88d07d6ae7c14 2445
apache-directory-api_1.0.0~M20-3.dsc
7de5c7cdf12c463b7470526f33c618756519509dc741175e9ca461992d3bd8a3 6460
apache-directory-api_1.0.0~M20-3.debian.tar.xz
0589105d955a827d150551951632f66eb9acbc8360165db51f4cd1d0d19442e1 2113946
libapache-directory-api-java_1.0.0~M20-3_all.deb
Files:
6986f30d644dd32d39e4ca5fe6d94c8c 2445 java optional
apache-directory-api_1.0.0~M20-3.dsc
33093c0de30f1c999db5b53c3e3d1585 6460 java optional
apache-directory-api_1.0.0~M20-3.debian.tar.xz
22a3271d97bae7d9aabe8046de1540b1 2113946 java optional
libapache-directory-api-java_1.0.0~M20-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVnuO2AAoJEPUTxBnkudCsYrEQAK8KNjbIBSojmfwPaq1in5Q6
BrCI85AKCYJgdjDEt+sRu/EI7nY6ybnroJLU5UL/tDXXeJ+q1hMqw2KfJSptZn27
lPoSr5JjipnnPFBYhRWXMHMthL7vsQi4uOcQ5mfE3ih2HV4ewcvAzIwbBmZrRShw
JxYad7QR8bNnedX5lb4Hf46y/bDW3gn35KzVAI+rjXaUADNcFoY+SyQr/7gabLFa
Lt3EfIr5+w0dGBDEW44kzdovNIChYjaeCo6XT8c5uW2luwxzFdUWOacIiuB0PiG0
eOinmcuwq9NW+5wh0OOWw9zBNsYqis79LtBykNv7ldt3tyH8A4N3AzbwJqCgQMf6
XVCLpuYkOajzHJbXEBO0hTyMhm7cgXk5/WoARksA6GNF7PhBGTFER7mzE8M4Ll/z
h5wBkfrYrHAB23KHq+UVXFov3Xxhq8KxBbeCmiyDuclqGeIdhCrYA19sNxSAlOQN
yP20HwHPQG21N+HI+8/K/CLqP3/ywN01Lb86P5JJa2LHa6r5faUQ1jiRpAbS1Gqq
K9RswYsxdlvwvNCUz+FyhGd2OAf1eg+8nqBj5RkoK7/cY+X2nS3SSVK5XTYZdoCI
DTUsk+kGqau3tsob3BQ3UNN8cReeXK79yqgy+COUZUaVyKsTBttdl1Ah6J9B7V0X
YymFrJ0ZyjmkjxBGwS2o
=H8cT
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
