Your message dated Sat, 28 Jul 2018 14:54:03 +0000 with message-id <e1fjqbb-0003xb...@fasolo.debian.org> and subject line Bug#904821: fixed in mbedtls 2.12.0-1 has caused the Debian Bug report #904821, regarding mbedtls: CVE-2018-0497, CVE-2018-0498: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
904821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mbedtls
Version: 2.1.2-1
Severity: grave
Tags: security upstream

This security advisory was published for mbedTLS. All versions since 1.2 are affected.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel

CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

James
--- End Message ---
--- Begin Message ---
Source: mbedtls
Source-Version: 2.12.0-1

We believe that the bug you reported is fixed in the latest version of mbedtls, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowg...@debian.org> (supplier of updated mbedtls package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Jul 2018 21:38:20 +0800
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto1 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source
Version: 2.12.0-1
Distribution: unstable
Urgency: medium
Maintainer: James Cowgill <jcowg...@debian.org>
Changed-By: James Cowgill <jcowg...@debian.org>
Description:
 libmbedcrypto1 - lightweight crypto and SSL/TLS library - crypto library
 libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
 libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
 libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
 libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 904821
Changes:
 mbedtls (2.12.0-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes CVE-2018-0497 and CVE-2018-0498. (Closes: #904821)
 .
   * debian/control: Bump standards version to 4.1.5.
   * debian/patches: Refresh patches.
   * debian/libmbedcrypto1.symbols:
     - Add new symbols.
     - Remove the internal mbedtls_threading_gmtime_mutex symbol.
--- End Message ---