Your message dated Wed, 11 Jul 2018 16:21:16 +0000
with message-id <e1fdhrg-000avp...@fasolo.debian.org>
and subject line Bug#901626: fixed in libtomcrypt 1.18.2-1
has caused the Debian Bug report #901626,
regarding libtomcrypt: CVE-2018-12437
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
901626: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901626
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libtomcrypt
Version: 1.18.1-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for libtomcrypt.
CVE-2018-12437[0]:
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on
| ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
| To discover an ECDSA key, the attacker needs access to either the local
| machine or a different virtual machine on the same physical host.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12437
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtomcrypt
Source-Version: 1.18.2-1
We believe that the bug you reported is fixed in the latest version of
libtomcrypt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 901...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Stapelberg <stapelb...@debian.org> (supplier of updated libtomcrypt
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Jul 2018 17:55:41 +0200
Source: libtomcrypt
Binary: libtomcrypt-dev libtomcrypt1
Architecture: source
Version: 1.18.2-1
Distribution: unstable
Urgency: medium
Maintainer: Michael Stapelberg <stapelb...@debian.org>
Changed-By: Michael Stapelberg <stapelb...@debian.org>
Description:
libtomcrypt-dev - static library, header files and documentation for
libtomcrypt
libtomcrypt1 - public domain open source cryptographic toolkit
Closes: 901626 903334
Changes:
 libtomcrypt (1.18.2-1) unstable; urgency=medium
 .
   * New upstream version 1.18.2, containing fixes for
     CVE-2018-12437
     CVE-2018-0739
     (Closes: #901626)
   * debian/docs: README → README.md, remove TODO (Closes: #903334)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---