Your message dated Sat, 08 Sep 2012 13:17:05 +0000 with message-id <e1takuh-0006x0...@franck.debian.org> and subject line Bug#684890: fixed in beaker 1.5.4-4+squeeze1 has caused the Debian Bug report #684890, regarding CVE-2012-3458: Information disclosure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684890 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: beaker Severity: grave Tags: security Justification: user security hole Please see https://groups.google.com/forum/?fromgroups#!topic/pylons-devel/zOx8OhIDru4[1-25] Remember we're in freeze, so please fix this in sid through the isolated fix instead of updating to 1.6.4. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: beaker Source-Version: 1.5.4-4+squeeze1 We believe that the bug you reported is fixed in the latest version of beaker, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot <taf...@debian.org> (supplier of updated beaker package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 07 Sep 2012 13:40:57 -0400 Source: beaker Binary: python-beaker python3-beaker Architecture: source all Version: 1.5.4-4+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: David Prévot <taf...@debian.org> Description: python-beaker - cache and session library python3-beaker - cache and session library for Python 3 Closes: 684890 Changes: beaker (1.5.4-4+squeeze1) squeeze-security; urgency=high . * Non-maintainer upload. * Fix security issue, with PyCrypto not securing data such that an attacker could possibly determine parts of the encrypted payload. Patch by Miloslav Trmac of Redhat. [CVE-2012-3458] Closes: #684890 Checksums-Sha1: 4a78eeaf30901e283b30a7d40344528b9de7ac1a 2122 beaker_1.5.4-4+squeeze1.dsc 72a696854e36e2ea92f4535209e4538baf06caa0 46238 beaker_1.5.4.orig.tar.gz 21372e8ad8f754d7364e44afa3e83149e6ed7305 5767 beaker_1.5.4-4+squeeze1.diff.gz 493543c9528ead0e4fbb36b2402efeb783db7a3c 33304 python-beaker_1.5.4-4+squeeze1_all.deb 2c2bd7488f25e0fbe46f0efa7cf99d85885418a6 33284 python3-beaker_1.5.4-4+squeeze1_all.deb Checksums-Sha256: ffadd14ed5e91b61142d5ae6c626b9ccac6251384833b6c5874d1c548e99d5da 2122 beaker_1.5.4-4+squeeze1.dsc a13dc6ae0e9490c85fc2c1ba035ea5b21cd684ee3b4b70b6a9e473f0550a716b 46238 beaker_1.5.4.orig.tar.gz 43c9d79047aac323f296b5e41e7c266b53c01c236c96cd2fe10abbf0b3289a42 5767 beaker_1.5.4-4+squeeze1.diff.gz 0f84c37a655113a7d89255569774b530c457404ee94fade2685bfd8c4b5dfdff 33304 python-beaker_1.5.4-4+squeeze1_all.deb 52ef8c4272f2ca2a82f6581aa0edb39651b8052cf2b779105ab7df86bd65bf65 33284 python3-beaker_1.5.4-4+squeeze1_all.deb Files: 99ce2ed4cc8be7ebddeb8db732f68d3f 2122 python optional beaker_1.5.4-4+squeeze1.dsc de84e7511119dc0b8eb4ac177d3e2512 46238 python optional beaker_1.5.4.orig.tar.gz 412446990d36a0f27fcfb652e7e0bf22 5767 python optional beaker_1.5.4-4+squeeze1.diff.gz 57a6048cb010460957445b0531096e89 33304 python optional python-beaker_1.5.4-4+squeeze1_all.deb aec6971e8848ff2f10e01d9cce1f8435 33284 python optional python3-beaker_1.5.4-4+squeeze1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQSjQxAAoJELgqIXr9/gny+YUP/AlHxhgop26ZSZCv5k9k3H65 hfE9YdfPQoLMQ787vrIgRoeQR4/m00pDJR2Lg5R2s3eA3mgINjqVrQjOxokXdiMH C7TX5vSnPYW861IFVP7lculoNorZ95Dvz/IQLkpqyZNImYdNn/6MdOnB+/A1H1EO 7P7wYA7dVU6fCzaGaCKrmNpbYonD/PZw2Ot5aH4P4vZvtoml/QChhNvQym1iszF0 yCSJpJr2jNIsJXiw8SdGL10th+98ZdX+YPvpRw2T8PFjaRp9Tudhw1pZiWMlJZNR rFmCrWyfnvtzDj+924XDnWKXXhGg0DR61h7zWfe9X8I4ZvNLcscTLIoPUyz2L4l5 ZdubgAj406kgXF3SgHe7Y8D3H9Z8sBYiqIZmyZzXqTY1yI96Uzz/HA9BrSsV1HrT Pmk3lrwffNfhMjrM9X6Lgiq1VBGV7qqVYIsguYJetWVv3ho1p0+GYVErZ9Gf94NW jugXrOX1d7vBbZCrxQVdTkg4WhOZET4HmlZHmSJIZwP/5gY4x2E1ttvOclXmj6cv vVv14aacqvJ6ip+joGikDqwn9z9tAVrlsmOk1Apl8TSxAFTTv5RBYMbhjKMS2C9G HYp26mE6Ii96VsRN9x0gqj6dRkUG6kz6ws5vTDltdksym5wOKgHvtZGwEZYc1L9f IUkP1Ip09lFTMKpP6fJb =ctCX -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
