[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] Bug#738515: marked as done (oath-toolkit: CVE-2013-7
|
From: |
Debian Bug Tracking System |
|
Subject: |
[OATH-Toolkit-help] Bug#738515: marked as done (oath-toolkit: CVE-2013-7322: certain one-time-passwords not invalidated correctly) |
|
Date: |
Thu, 11 Sep 2014 15:24:21 +0000 |
Your message dated Thu, 11 Sep 2014 15:22:32 +0000
with message-id <address@hidden>
and subject line Bug#738515: fixed in oath-toolkit 2.4.1-1
has caused the Debian Bug report #738515,
regarding oath-toolkit: CVE-2013-7322: certain one-time-passwords not
invalidated correctly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact address@hidden
immediately.)
--
738515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738515
Debian Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
|
Subject: |
oath-tookit: CVE-2013-7322: certain one-time-passwords not invalidated correctly |
|
Date: |
Mon, 10 Feb 2014 07:03:37 +0100 |
Package: oath-tookit
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for oath-toolkit. It is to
track the isse both in BTS and security tracker.
CVE-2013-7322[0]:
certain one-time-passwords not invalidated correctly
A possible pach is found at [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-7322
[1]
http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/txtUm85v7Wqcy.txt
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
|
Subject: |
Bug#738515: fixed in oath-toolkit 2.4.1-1 |
|
Date: |
Thu, 11 Sep 2014 15:22:32 +0000 |
Source: oath-toolkit
Source-Version: 2.4.1-1
We believe that the bug you reported is fixed in the latest version of
oath-toolkit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to address@hidden,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <address@hidden> (supplier of updated oath-toolkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing address@hidden)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 11 Sep 2014 16:38:12 +0200
Source: oath-toolkit
Binary: liboath-dev liboath0 oathtool oath-dbg libpam-oath
Architecture: source
Version: 2.4.1-1
Distribution: unstable
Urgency: low
Maintainer: OATH Toolkit Team <address@hidden>
Changed-By: Simon Josefsson <address@hidden>
Description:
liboath-dev - Development files for the OATH Toolkit Liboath library
liboath0 - OATH Toolkit Liboath library
libpam-oath - OATH Toolkit libpam_oath PAM module
oath-dbg - OATH Toolkit debugging symbols
oathtool - OATH Toolkit oathtool command line tool
Closes: 738515 744641
Changes:
oath-toolkit (2.4.1-1) unstable; urgency=low
.
* New upstream release.
- New symbols added.
- Fixed CVE-2013-7322. Closes: #738515.
- Disable PSKC builds until I found a sponsor.
* Use dh-autoreconf. Closes: #744641.
* Bump to Debian Policy version 3.9.5.
* Add debian/upstream-signing-key.pgp and update watch file.
Checksums-Sha1:
39c89812bca12ec0636b40fb3afdb064ef16a101 1880 oath-toolkit_2.4.1-1.dsc
b0ca4c5f89c12c550f7227123c2f21f45b2bf969 4136649 oath-toolkit_2.4.1.orig.tar.gz
2168e75cb922af99cef24ad7c93bd4b415a71e55 15524
oath-toolkit_2.4.1-1.debian.tar.xz
Checksums-Sha256:
534053d49d92c74b1270aaf8dafaf737245faa7632e770074c425bcc6880163a 1880
oath-toolkit_2.4.1-1.dsc
9bfa42cbc100eb6c43d2bf83e3badc51d9e6f4950a92e07513ae586d0c5e9b24 4136649
oath-toolkit_2.4.1.orig.tar.gz
688eacab2898d99966b1a505ec4277f1cfc4a923d286b1884d4bd0002b4224ae 15524
oath-toolkit_2.4.1-1.debian.tar.xz
Files:
9c004a29c829521e6d9a1cb5c1aab0e5 1880 devel optional oath-toolkit_2.4.1-1.dsc
951bafd1d86e6013903c10be3b6623bb 4136649 devel optional
oath-toolkit_2.4.1.orig.tar.gz
4f91ad6cb4a1e8153d34acd5acd4066b 15524 devel optional
oath-toolkit_2.4.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJUEboxAAoJEIYLf7sy+BGdVi0H/jChscvMDL/dls/lw4zgf4rZ
FoOXW9dZBLUTNCwDp3ck7LVhvtLbZE11b5ski3OuCIj/WokSx/eyiqPWt19VQlzO
T08XtfWQjDH6z+fVWjLPENF6CcHffrTJtxtyepzUdGqtzqsHRxwyr7GsxLtWvaBD
do8AzCX0JmKFSDtE6IQyEi8sDVjr/pGvssMFxrcHjYQD+EHAMMAp9LRuhdr/pDll
mGqfn42TJgjSbWAVaKa0sTppdb/b9cl6SGyIaoeG1xujA0l0dcYsvZVx5n8wceah
mJdbuU6+RTPYDMZrqZk3EPHDjMN2s+7x3va+7Y1elp8r2eHcz70u6GTNETDw1Zc=
=np95
-----END PGP SIGNATURE-----
--- End Message ---
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [OATH-Toolkit-help] Bug#738515: marked as done (oath-toolkit: CVE-2013-7322: certain one-time-passwords not invalidated correctly),
Debian Bug Tracking System <=