Your message dated Sun, 20 Oct 2013 22:47:05 +0000 with message-id <e1vy1m5-00076k...@franck.debian.org> and subject line Bug#725359: fixed in polarssl 1.2.9-1~deb7u1 has caused the Debian Bug report #725359, regarding polarssl: CVE-2013-5914 CVE-2013-5915 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 725359: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725359 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: polarssl Severity: grave Tags: security Justification: user security hole https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05 CVE-2013-5915 doesn't sound backportable. Since polarssl has no reverse deps in Wheezy I suggest we update stable to 1.2.9. What do you think? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: polarssl Source-Version: 1.2.9-1~deb7u1 We believe that the bug you reported is fixed in the latest version of polarssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 725...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roland Stigge <sti...@antcom.de> (supplier of updated polarssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 16 Oct 2013 20:04:47 +0200 Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl0 Architecture: source amd64 Version: 1.2.9-1~deb7u1 Distribution: stable-security Urgency: low Maintainer: Roland Stigge <sti...@antcom.de> Changed-By: Roland Stigge <sti...@antcom.de> Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl0 - lightweight crypto and SSL/TLS library Closes: 725359 Changes: polarssl (1.2.9-1~deb7u1) stable-security; urgency=low . * New upstream release - Fixes CVE-2013-5914 CVE-2013-5915 (Closes: #725359) Checksums-Sha1: 836aef0a593b69eebe67a9db183046d60185db83 1196 polarssl_1.2.9-1~deb7u1.dsc c870ba466ddf6a9fc3b62c57bf8a316c331f104b 999668 polarssl_1.2.9.orig.tar.gz ce182d11d72906e90c0f21d000f506c184a43dae 4788 polarssl_1.2.9-1~deb7u1.debian.tar.gz 9d44400489b1c70464f93b2d1577276f02f06098 275776 libpolarssl-dev_1.2.9-1~deb7u1_amd64.deb 308c7c18638348dba8ffde199a8718de0f2040c2 2785662 libpolarssl-runtime_1.2.9-1~deb7u1_amd64.deb b4c193ab745038dfd780c1babb0d92a512c8f558 185846 libpolarssl0_1.2.9-1~deb7u1_amd64.deb Checksums-Sha256: b68f260eb5ce2af38b5efa58449e59550636b585319a9a7f46eaa764fa464549 1196 polarssl_1.2.9-1~deb7u1.dsc d125a6e7eb6eb3e5110035df1469099c5463837b1ef734e60771095dafc0ef56 999668 polarssl_1.2.9.orig.tar.gz 1aa1523e1e05a17e02e80a061db5df53a23c2d5578c7c26bcb566541ad5094df 4788 polarssl_1.2.9-1~deb7u1.debian.tar.gz 7b5f452c8efebea6d9f1bd358045c21de7713c09e30fdbf275b7341cbdf266a3 275776 libpolarssl-dev_1.2.9-1~deb7u1_amd64.deb 7fa706db6727c1a09670c76d4097d713f8e49766e1e2ffa59e01ad258921d000 2785662 libpolarssl-runtime_1.2.9-1~deb7u1_amd64.deb 36cf9d2ba34df0538e9af76ef9e8fd4e72406085e53875219d8797ebc2970465 185846 libpolarssl0_1.2.9-1~deb7u1_amd64.deb Files: 4e93dd1efb47260a50cd1dd50f4fb65d 1196 libs optional polarssl_1.2.9-1~deb7u1.dsc 3d8e01537e747d7997993c70f2e108db 999668 libs optional polarssl_1.2.9.orig.tar.gz 587c95e5d6b2920282daaea3fafe6800 4788 libs optional polarssl_1.2.9-1~deb7u1.debian.tar.gz 4007136af6fc31879d13735576a8d2d9 275776 libdevel optional libpolarssl-dev_1.2.9-1~deb7u1_amd64.deb b3a63307c92c6fd67b6003c48eca7ac0 2785662 libdevel optional libpolarssl-runtime_1.2.9-1~deb7u1_amd64.deb e05b892cf4b1abd680e2b973e93d68e3 185846 libs optional libpolarssl0_1.2.9-1~deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSYaC+caH/YBv43g8RAieUAJ9aTY7hrBxIUgbY3aKULardJLdfrACfSeIG nM4J2UWl9iEcEKkV48rq2yc= =ii09 -----END PGP SIGNATURE-----
--- End Message ---
