Your message dated Sun, 27 Dec 2020 02:49:04 +0000
with message-id <[email protected]>
and subject line Bug#972806: fixed in mbedtls 2.16.9-0.1
has caused the Debian Bug report #972806,
regarding mbedtls security advisories: local side channel attacks
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mbedtls
Version: 2.16.0-1
Severity: serious
Tags: security
Justification: security
Dear Maintainer,
Mbed TLS 2.16.8 released 1 Sep 2020 addresses 3 security advisories

==> Please update mbedtls in all active Debian releases. Thank you.

https://github.com/ARMmbed/mbedtls/releases
https://tls.mbed.org/tech-updates/security-advisories

Local side channel attack on classical CBC decryption in (D)TLS
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
CVE-2020-16150
Severity: High

Local side channel attack on RSA and static Diffie-Hellman
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
Severity: High

Protocol weakness in DHE-PSK key exchange
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-3
Severity: Low

-- System Information:
Debian Release: 10.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-12-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: mbedtls
Source-Version: 2.16.9-0.1
Done: Wookey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mbedtls, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Wookey <[email protected]> (supplier of updated mbedtls package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 17 Dec 2020 18:55:19 +0000
Source: mbedtls
Architecture: source
Version: 2.16.9-0.1
Distribution: unstable
Urgency: medium
Maintainer: James Cowgill <[email protected]>
Changed-By: Wookey <[email protected]>
Closes: 963159 972806
Changes:
mbedtls (2.16.9-0.1) unstable; urgency=medium
.
* Non-maintainer upload
* New upstream release
* Fixes CVE-2020-10932 (Closes: #963159)
* Fixes CVE-2020-16150 (Closes: #972806)
* Updated watch and Homepage to new github upstream
* Updated symbols file (two new for 2.6.19)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---