Bug#664032: marked as done ([CVE-2012-1177] libgdata do not verify SSL certs)

[Debian Bug Tracking System]

Your message dated Thu, 15 Mar 2012 00:28:10 +0100
with message-id <4f61298a.9080...@debian.org>
and subject line Re: Bug#664032: [CVE-2012-1177] libgdata do not verify SSL 
certs
has caused the Debian Bug report #664032,
regarding [CVE-2012-1177] libgdata do not verify SSL certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
664032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664032
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libgdata
Severity: grave
Tags: security patch

The following vulnerability had been reported against libgdata: 
http://www.openwall.com/lists/oss-security/2012/03/14/3

The upstream patch:
http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c

Please use CVE-2012-1177 for this issue. Since the bug affects other 
applications (like evolution) and looks quite important, please contact the 
security team if it also affects stable.

Cheers,
luciano

signature.asc
Description: This is a digitally signed message part.

--- End Message ---

--- Begin Message ---

Version: 0.11.1-1
On 15.03.2012 00:18, Luciano Bello wrote:
> Package: libgdata
> Severity: grave
> Tags: security patch
> 
> The following vulnerability had been reported against libgdata: 
> http://www.openwall.com/lists/oss-security/2012/03/14/3
> 
> The upstream patch:
> http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
> http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
> 
> Please use CVE-2012-1177 for this issue. Since the bug affects other 
> applications (like evolution) and looks quite important, please contact the 
> security team if it also affects stable.

Fixed in the just uploaded 0.11.1-1


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

signature.asc
Description: OpenPGP digital signature

--- End Message ---