Your message dated Sun, 28 Feb 2016 23:36:12 +0000 with message-id <e1aaasm-0008ed...@franck.debian.org> and subject line Bug#815662: fixed in libssh2 1.5.0-2.1 has caused the Debian Bug report #815662, regarding libssh2: 2016-0787: Weak Diffie-Hellman secret generation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815662: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815662 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libssh2 Version: 1.2.6-1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libssh2. CVE-2016-0787[0]: Weak Diffie-Hellman secret generation in libssh2 before 1.7.0 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-0787 [1] https://www.libssh2.org/changes.html Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libssh2 Source-Version: 1.5.0-2.1 We believe that the bug you reported is fixed in the latest version of libssh2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 815...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Feb 2016 20:22:46 +0100 Source: libssh2 Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg Architecture: source Version: 1.5.0-2.1 Distribution: unstable Urgency: medium Maintainer: Mikhail Gusarov <dotted...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 815662 Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Changes: libssh2 (1.5.0-2.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2016-0787: bits/bytes confusion resulting in truncated Diffie-Hellman secret length (Closes: #815662) Checksums-Sha1: d85ac40d5ef7ade31d0a5d1d11deeac1449ab46d 1854 libssh2_1.5.0-2.1.dsc 61c9266ee5ad8ea79e31d7d0a9c06164be09d6f0 6840 libssh2_1.5.0-2.1.debian.tar.xz Checksums-Sha256: 4360d32eee336a792f254c519a7087d89753d9db8ac824af33382399e02af218 1854 libssh2_1.5.0-2.1.dsc 0b28eaa37f4d11e8e529883c95387549854ba370989ff7fa6eed059ac4d3aa43 6840 libssh2_1.5.0-2.1.debian.tar.xz Files: 8df09b0207557deec9186244a107f5da 1854 libs optional libssh2_1.5.0-2.1.dsc 2d9518a458f096b9a3947e35f8081c1d 6840 libs optional libssh2_1.5.0-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWzLKzAAoJEAVMuPMTQ89EW3AP/RH27uvoPaGWoyT+aDhyNabq g5my9Lmd9Sb5YqQf9/sL1EDFP7lp4pIM96skadkxBv4jwBwNCTXJ5VdJ5v+Vrz72 tsrVq7bpN0yj3rslEmgAy8xGzKYZyyKYQecNZB2L7PQ28spQykPSLpLCRgttnM/X BEJvAccBXoWjroOyAsI+I20/IQxb4a7w9kNUTPQDcQfYHdnGCZ1TODf9IE/mCRHa qd1nn4QIh0nw6Le6Zc2S4Y0iji7ZuF6D1vFRchIAtFxWkQo3ysKIvXSkKxGsmnAR 0WGuWBt4zpndgQ8qQoWff7WziFX5Q85UcMo8nVE0T9Ipt3D6MsBZGa2Po82ejht5 6JnI1ajaIElnEZiiBZV7eDFNq+bYaCbGrWDUvvE7htkCL/5f15EInNFhHn9rYRiW FF1QLQHrvybaq8uDl4ArIQT36HYgj1ebTTirvMPzhjh44R3UdwHx+CGLiKS1D+qa RLtJB/61+p6jeAPFcXl5XzJDvM9de5ikXYpHAPjR5fk/oBJbQsqjEU/l4CbSewtk 0vOqIYeBb4/+MI4qJeHDfnmMl/YYx9ZIMgovt4/ehIVlG2mw7HX679Kg+L4tFmeY 31netLiclHbrN6oyzgAY1rpJ5t6EHtK3gEMpCYxIjpAIt7iBnmtuiUy/EBjutnzT b3eifsq8OPYy7W/KonCw =9nso -----END PGP SIGNATURE-----
--- End Message ---
