Your message dated Mon, 18 Feb 2019 23:18:42 +0000
with message-id <e1gvsbo-0006mx...@fasolo.debian.org>
and subject line Bug#921725: fixed in libu2f-host 1.1.2-2+deb9u1
has caused the Debian Bug report #921725,
regarding libu2f-host: CVE-2018-20340
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
921725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libu2f-host
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libu2f-host.
CVE-2018-20340[0]:
Unchecked buffer in libu2f-host before 1.1.7 ...
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20340
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libu2f-host
Source-Version: 1.1.2-2+deb9u1
We believe that the bug you reported is fixed in the latest version of
libu2f-host, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Braud-Santoni <ni...@debian.org> (supplier of updated libu2f-host
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Feb 2019 21:42:16 +0100
Source: libu2f-host
Binary: libu2f-host0 libu2f-host-dev u2f-host
Architecture: source amd64
Version: 1.1.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Authentication Maintainers
<pkg-auth-maintain...@lists.alioth.debian.org>
Changed-By: Nicolas Braud-Santoni <ni...@debian.org>
Description:
libu2f-host-dev - Development files for the U2F host C library libu2f-host
libu2f-host0 - Universal 2nd Factor (U2F) host communication C Library
u2f-host - Command line tool to do Universal 2nd Factor (U2F) operations
Closes: 921725
Changes:
libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
.
* Backport patch for CVE-2018-20340 (Closes: #921725)
Checksums-Sha1:
233bae3a54d0736d5963b2aa6676485e9358e97b 2342 libu2f-host_1.1.2-2+deb9u1.dsc
c3e6ebb9c48924c87d9fb4f41436620a36a8f064 456160 libu2f-host_1.1.2.orig.tar.xz
c15f5dc02f38b18ae66cc0630c3288ffde019782 61548
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
a26ea85b2fa1caac2d32f6e0e6c0698f4fe9a540 117190
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
0539be4886bdf57321f9362c37d73f028a262af2 34022
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
ee01e16d371ca717fe071b943e099f93a73c9b8c 24982
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
51d7ccbb563829ea92bc33543bf5f671bec7f3a9 11970
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
f3a899fca46f3bc8eaac7647c657a17460162cfa 14914
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
b326f61580a3fb0d37e29a8e90af4d1f27b7d4f5 14624
u2f-host_1.1.2-2+deb9u1_amd64.deb
Checksums-Sha256:
edcd5e634758c0134efb6f833ed08fc1daebc7169d77bae301981353aeb0606e 2342
libu2f-host_1.1.2-2+deb9u1.dsc
5bcdfbc5e6f972da5395185b71de2272f9a397f0f0d431860e71545f52f1c56a 456160
libu2f-host_1.1.2.orig.tar.xz
e79b799d66dfd31655b63f43de7845e2f703062eda0af8c22d6b6c3a6de384f2 61548
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
a4022a9cf554e7371c4613fffe11f3c2bddcf2c2ce7a23b83a40f542b04a5161 117190
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
d2894190d9cf66009d2995a11765e775523412a1f6e029eeaf56dd290f7fb2a0 34022
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
2d8fbfef9bcfcc53d2b757284a90d0362bac2ccb4c2cdb29a67f86f53d1318d2 24982
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
4a3f7bff9ac07bed93bddc3f32641ddf603b9f90478988a54a7aacd2573bd12c 11970
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
cd4dd2e62e88756a8ad0ec467999c81b4199400edc8abc303453c855b8524da6 14914
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
cb9e455b7a3ffcbbd5d619c50e03220d26c270f82244dec2293be473da3aa491 14624
u2f-host_1.1.2-2+deb9u1_amd64.deb
Files:
0dd7fae6e3f5249d64e4b48605886760 2342 utils extra
libu2f-host_1.1.2-2+deb9u1.dsc
92fde5650151623635e97287bd389592 456160 utils extra
libu2f-host_1.1.2.orig.tar.xz
0e987f39b76a6130876b011570d688c5 61548 utils extra
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
808f76238aa2290149dae16a7a3fca1d 117190 libdevel extra
libu2f-host-dev_1.1.2-2+deb9u1_amd64.deb
e4489125af443c518d7468ba671640f7 34022 debug extra
libu2f-host0-dbgsym_1.1.2-2+deb9u1_amd64.deb
d3a9e819b8dd44072048527c5f3d88e0 24982 libs extra
libu2f-host0_1.1.2-2+deb9u1_amd64.deb
99f5dc4daad95474272db5d4ce037208 11970 utils extra
libu2f-host_1.1.2-2+deb9u1_amd64.buildinfo
4259a698c465ba61719efe13f047b7c9 14914 debug extra
u2f-host-dbgsym_1.1.2-2+deb9u1_amd64.deb
d5e38bd248b18e420b0596c8d0fc0540 14624 utils extra
u2f-host_1.1.2-2+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEU7EqA8ZVHYoLJhPE5vmO4pLV7MsFAlxeztsACgkQ5vmO4pLV
7MuxWw//V8Zy5lcTrzJUN+ptOLjd/dAOsUvKIMzP6ph1GZH+TxLV9MwGZDo9xXN2
wcFw/+Bz61KUBvi/rCkY+av/XqS4uUd1QXKInR9LYAttMzVhp9xIpQobkSorzD15
brv3Dyiq8gydjW7DMMYsCMGOKWzLzN0Q72+Boh2kgeXdDuopoZl49QBmy0nR6ijS
ZNith6lkOT/PSad3njiPhno56lODq/fJJme5m8bzdILVvubeuJzuZcKnqp9zQLbm
tC5fXZrDP4hgwMLaoKrEog8tAa2zAUXZF/kl4SUskHzZQXAiyHxTy/ojS9ZYu/7h
uI3JLqb78s2jazyfy09AafDIeTjlwkL8566ppE32Q8l1nt6LAe05lYbE+iqWvJEz
cxMYGDg2Z07X6nqB+MfFT0OTMN9E6SN99342uRQDOfn4poi+mDjNOaLFzkUZCuuJ
1Z+0P9ULrj9bVmjWIs3BfuLMOblnbd2Rk9Eu5lFMZ2u6K+7b7F8eOti56jjMtTc/
2U82xMQNc7LAEGcBbKZsiAx/vNhO83GVJQ+GTp2pmnXvfoS5cNMyU1kYXIO4PR0/
QYmd0PhVFrAXada8khSeWc+T2qWq+6N3tKd4ngWV/6lCKWXi50iKQbxNhRatXTjZ
/4CDDItHWL/JMBJIp9D8YPUAtDQ4Vj4tf8UC+pfX/FDKem4F5mI=
=CKmw
-----END PGP SIGNATURE-----
--- End Message ---
