Your message dated Thu, 27 Jan 2005 12:17:10 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292458: fixed in openswan 2.2.0-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Jan 2005 06:38:29 +0000
>From [EMAIL PROTECTED] Wed Jan 26 22:38:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from luonnotar.infodrom.org [195.124.48.78]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cu3IT-0002Io-00; Wed, 26 Jan 2005 22:38:29 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
id 9DB20366F2A; Thu, 27 Jan 2005 07:38:01 +0100 (CET)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
from infodrom.org by finlandia.Infodrom.North.DE
via smail from stdin
id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Thu, 27 Jan 2005 07:34:37 +0100 (CET)
Date: Thu, 27 Jan 2005 07:34:37 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Openswan XAUTH/PAM Buffer Overflow Vulnerability
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
X-Debbugs-Cc: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: openswan
Severity: grave
Tags: security sarge sid patch
Please see the advisory and patch here:
http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false
Even though iDEFENSE wrote:
iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All previous
versions of Openswan also contain the vulnerable code.
it seems that 2.3.0 in sid is vulnerable as well.
Regards,
Joey
--
Of course, I didn't mean that, which is why I didn't say it.
What I meant to say, I said. -- Thomas Bushnell
Please always Cc to me when replying to me on the lists.
---------------------------------------
Received: (at 292458-close) by bugs.debian.org; 27 Jan 2005 17:23:02 +0000
>From [EMAIL PROTECTED] Thu Jan 27 09:23:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CuDMD-0002fc-00; Thu, 27 Jan 2005 09:23:01 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CuDGY-0004bP-00; Thu, 27 Jan 2005 12:17:10 -0500
From: Rene Mayrhofer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292458: fixed in openswan 2.2.0-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 27 Jan 2005 12:17:10 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 3
Source: openswan
Source-Version: 2.2.0-6
We believe that the bug you reported is fixed in the latest version of
openswan, which is due to be installed in the Debian FTP archive:
kernel-patch-openswan_2.2.0-6_all.deb
to pool/main/o/openswan/kernel-patch-openswan_2.2.0-6_all.deb
openswan-modules-source_2.2.0-6_all.deb
to pool/main/o/openswan/openswan-modules-source_2.2.0-6_all.deb
openswan_2.2.0-6.diff.gz
to pool/main/o/openswan/openswan_2.2.0-6.diff.gz
openswan_2.2.0-6.dsc
to pool/main/o/openswan/openswan_2.2.0-6.dsc
openswan_2.2.0-6_i386.deb
to pool/main/o/openswan/openswan_2.2.0-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Rene Mayrhofer <[EMAIL PROTECTED]> (supplier of updated openswan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 27 Jan 2005 16:07:32 +0100
Source: openswan
Binary: openswan-modules-source kernel-patch-openswan openswan
Architecture: source all i386
Version: 2.2.0-6
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Rene Mayrhofer <[EMAIL PROTECTED]>
Changed-By: Rene Mayrhofer <[EMAIL PROTECTED]>
Description:
kernel-patch-openswan - IPSEC kernel support for Openswan
openswan - IPSEC utilities for Openswan
openswan-modules-source - IPSEC kernel modules source for Openswan
Closes: 289600 291143 292458
Changes:
openswan (2.2.0-6) testing-proposed-updates; urgency=HIGH
.
Urgency HIGH due to security issue and problems with build-deps in sarge.
* Fix the security issue. Please see
http://www.idefense.com/application/poi/display?id=190&;
type=vulnerabilities&flashstatus=false
for more details. Thanks to Martin Schulze for informing me about
this issue.
Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability
* Updated Build-Deps from libopensc0-dev to libopensc1-dev. This
allows openswan to be buildable in sarge again. I had hoped that
2.3.0 would enter sarge, but it has a nasty upstream bug due to
which it should stay in unstable.
Closes: #289600: openswan: can't fulfill the build dependencies
* Added a Build-Dependency to lynx.
Closes: #291143: openswan: FTBFS: Missing build dependency.
Files:
2840b0f76cd7a932ad9a2c30e9bb0514 732 net optional openswan_2.2.0-6.dsc
b5171437b837b4f51d1651faa2c50e1b 203396 net optional openswan_2.2.0-6.diff.gz
a3aeb680bc8a08d6e3fab9f3f33ce550 489580 net optional
openswan-modules-source_2.2.0-6_all.deb
92ec582bce784f59811a26c5798adda1 488012 net optional
kernel-patch-openswan_2.2.0-6_all.deb
0a6392b493996868342f14b46678f28e 4938434 net optional openswan_2.2.0-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB+R+fq7SPDcPCS94RAqViAJ47L7HNj0dY2FKg8IBI6r3EqKfoCwCgyrgB
M4vll0fHaa9xq1KA/Xqk0uw=
=lHyl
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
