Your message dated Sat, 06 May 2017 14:44:18 +0100 with message-id <1494078258.26551.13.camel@adam-barratt.org.uk> and subject line Closing bugs for updates included in 8.8 has caused the Debian Bug report #852998, regarding jessie-pu: package dropbear/2014.65-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 852998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852998 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package dropbear/2014.65-1
- From: Guilhem Moulin <guilhem@guilhem.org>
- Date: Sat, 28 Jan 2017 20:38:34 +0100
- Message-id: <20170128193834.37wcxu5uv6d3dic5@localhost.localdomain>
Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Moritz Mühlenhoff from the Security Team suggested to fix dropbear's known vulnerabilities (CVE-2016-3116 and CVE-2016-740[6-8]) via a point release, since they don't warrant a DSA. I enclosed a debdiff against dropbear_2014.65-1.dsc. As mentioned in the Changelog, the backported patches address the following: * If X11 forwarding is enabled a user could bypass any "command=" restrictions in authorized_keys and run any command as their own user. Cherry-picked from 2016.72, changeset 1229:a3e8389e01ff https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff Fixes CVE-2016-3116 * Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system then an attacker could run arbitrary code as root when connecting to Dropbear server. Cherry-picked from 2016.74, changeset 1304:b66a483f3dcb https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb Fixes CVE-2016-7406 * dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files Cherry-picked from 2016.74, changeset 1306:34e6127ef02e, ignoring space/tab changes. https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e Fixes CVE-2016-7407 * dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. Cherry-picked from 2016.74, changeset 1303:eed9376a4ad6 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 Fixes CVE-2016-7408 Could you consider to have it included in the upcoming point release? (BTW I was not maintaining dropbear yet when Jessie was released. Therefore -1+deb8u1 looks like an NMU with invalid version number. Should I leave it like this, should I add the proper suffix, or should I add myself as maintainer?) Thanks! Cheers, -- Guilhem.diff -u dropbear-2014.65/debian/changelog dropbear-2014.65/debian/changelog --- dropbear-2014.65/debian/changelog +++ dropbear-2014.65/debian/changelog @@ -1,3 +1,19 @@ +dropbear (2014.65-1+deb8u1) jessie; urgency=medium + + * Backport security fix from 2016.72: If X11 forwarding is enabled a user + could bypass any "command=" restrictions in authorized_keys and run any + command as their own user (CVE-2016-3116). + * Backport security fixes from 2016.74: + - Message printout was vulnerable to format string injection + (CVE-2016-7406). + - dropbearconvert import of OpenSSH keys could run arbitrary code as the + local dropbearconvert user when parsing malicious key files + (CVE-2016-7407). + - dbclient could run arbitrary code as the local dbclient user if + particular -m or -c arguments are provided (CVE-2016-7408). + + -- Guilhem Moulin <guilhem@guilhem.org> Sat, 28 Jan 2017 18:23:47 +0100 + dropbear (2014.65-1) unstable; urgency=low [ Matt Johnston ] only in patch2: unchanged: --- dropbear-2014.65.orig/debian/diff/003-Validate-xauth-input.diff +++ dropbear-2014.65/debian/diff/003-Validate-xauth-input.diff @@ -0,0 +1,78 @@ +From 3d0143c962d2514b512b25d2518fa9e5993922e1 Mon Sep 17 00:00:00 2001 +From: Guilhem Moulin <guilhem@guilhem.org> +Date: Sat, 28 Jan 2017 19:45:24 +0100 +Subject: [PATCH] Validate xauth input + +Cherry-picked from upstream changeset 1229:a3e8389e01ff +https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff + +Fixes CVE-2016-3116. Quoting the 2016.72 release notes, + + If X11 forwarding is enabled a user could bypass any "command=" + restrictions in authorized_keys and run any command as their own + user (or perform other operations allowed by the "xauth" binary such + as writing files). It does not affect systems where command= + restrictions are not used. +--- + svr-x11fwd.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +diff --git a/svr-x11fwd.c b/svr-x11fwd.c +index ceca26a..5a489d4 100644 +--- a/svr-x11fwd.c ++++ b/svr-x11fwd.c +@@ -42,11 +42,29 @@ static void x11accept(struct Listener* listener, int sock); + static int bindport(int fd); + static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr); + ++/* Check untrusted xauth strings for metacharacters */ ++/* Returns DROPBEAR_SUCCESS/DROPBEAR_FAILURE */ ++static int ++xauth_valid_string(const char *s) ++{ ++ size_t i; ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (!isalnum(s[i]) && ++ s[i] != '.' && s[i] != ':' && s[i] != '/' && ++ s[i] != '-' && s[i] != '_') { ++ return DROPBEAR_FAILURE; ++ } ++ } ++ return DROPBEAR_SUCCESS; ++} ++ ++ + /* called as a request for a session channel, sets up listening X11 */ + /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ + int x11req(struct ChanSess * chansess) { + +- int fd; ++ int fd = -1; + + if (!svr_pubkey_allows_x11fwd()) { + return DROPBEAR_FAILURE; +@@ -62,6 +80,11 @@ int x11req(struct ChanSess * chansess) { + chansess->x11authcookie = buf_getstring(ses.payload, NULL); + chansess->x11screennum = buf_getint(ses.payload); + ++ if (xauth_valid_string(chansess->x11authprot) == DROPBEAR_FAILURE || ++ xauth_valid_string(chansess->x11authcookie) == DROPBEAR_FAILURE) { ++ dropbear_log(LOG_WARNING, "Bad xauth request"); ++ goto fail; ++ } + /* create listening socket */ + fd = socket(PF_INET, SOCK_STREAM, 0); + if (fd < 0) { +@@ -159,7 +182,7 @@ void x11setauth(struct ChanSess *chansess) { + return; + } + +- /* popen is a nice function - code is strongly based on OpenSSH's */ ++ /* code is strongly based on OpenSSH's */ + authprog = popen(XAUTH_COMMAND, "w"); + if (authprog) { + fprintf(authprog, "add %s %s %s\n", +-- +2.11.0 + only in patch2: unchanged: --- dropbear-2014.65.orig/debian/diff/004-Improve-exit-message-formatting.diff +++ dropbear-2014.65/debian/diff/004-Improve-exit-message-formatting.diff @@ -0,0 +1,115 @@ +From ce6faa122f49386583dd7d377bd3edb6cd22df76 Mon Sep 17 00:00:00 2001 +From: Guilhem Moulin <guilhem@guilhem.org> +Date: Sat, 28 Jan 2017 18:17:28 +0100 +Subject: [PATCH] Improve exit message formatting + +Cherry-picked from upstream changeset 1304:b66a483f3dcb +https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb + +Fixes CVE-2016-7406. Quoting the 2016.74 release notes, + + Security: Message printout was vulnerable to format string injection. + + If specific usernames including "%" symbols can be created on a system + (validated by getpwnam()) then an attacker could run arbitrary code as root + when connecting to Dropbear server. + + A dbclient user who can control username or host arguments could potentially + run arbitrary code as the dbclient user. This could be a problem if scripts + or webpages pass untrusted input to the dbclient program. +--- + cli-main.c | 17 +++++++++++------ + svr-session.c | 22 ++++++++++++---------- + 2 files changed, 23 insertions(+), 16 deletions(-) + +diff --git a/cli-main.c b/cli-main.c +index 0b4047c..3f8a43b 100644 +--- a/cli-main.c ++++ b/cli-main.c +@@ -89,17 +89,22 @@ int main(int argc, char ** argv) { + #endif /* DBMULTI stuff */ + + static void cli_dropbear_exit(int exitcode, const char* format, va_list param) { ++ char exitmsg[150]; ++ char fullmsg[300]; + +- char fmtbuf[300]; ++ /* Note that exit message must be rendered before session cleanup */ + ++ /* Render the formatted exit message */ ++ vsnprintf(exitmsg, sizeof(exitmsg), format, param); ++ ++ /* Add the prefix depending on session/auth state */ + if (!sessinitdone) { +- snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", +- format); ++ snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg); + } else { +- snprintf(fmtbuf, sizeof(fmtbuf), ++ snprintf(fullmsg, sizeof(fullmsg), + "Connection to %s@%s:%s exited: %s", + cli_opts.username, cli_opts.remotehost, +- cli_opts.remoteport, format); ++ cli_opts.remoteport, exitmsg); + } + + /* Do the cleanup first, since then the terminal will be reset */ +@@ -107,7 +112,7 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) { + /* Avoid printing onwards from terminal cruft */ + fprintf(stderr, "\n"); + +- _dropbear_log(LOG_INFO, fmtbuf, param); ++ dropbear_log(LOG_INFO, "%s", fullmsg); + exit(exitcode); + } + +diff --git a/svr-session.c b/svr-session.c +index 4d3c058..5d899aa 100644 +--- a/svr-session.c ++++ b/svr-session.c +@@ -144,30 +144,32 @@ void svr_session(int sock, int childpipe) { + + /* failure exit - format must be <= 100 chars */ + void svr_dropbear_exit(int exitcode, const char* format, va_list param) { ++ char exitmsg[150]; ++ char fullmsg[300]; + +- char fmtbuf[300]; ++ /* Render the formatted exit message */ ++ vsnprintf(exitmsg, sizeof(exitmsg), format, param); + ++ /* Add the prefix depending on session/auth state */ + if (!sessinitdone) { + /* before session init */ +- snprintf(fmtbuf, sizeof(fmtbuf), +- "Early exit: %s", format); ++ snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg); + } else if (ses.authstate.authdone) { + /* user has authenticated */ +- snprintf(fmtbuf, sizeof(fmtbuf), ++ snprintf(fullmsg, sizeof(fullmsg), + "Exit (%s): %s", +- ses.authstate.pw_name, format); ++ ses.authstate.pw_name, exitmsg); + } else if (ses.authstate.pw_name) { + /* we have a potential user */ +- snprintf(fmtbuf, sizeof(fmtbuf), ++ snprintf(fullmsg, sizeof(fullmsg), + "Exit before auth (user '%s', %d fails): %s", +- ses.authstate.pw_name, ses.authstate.failcount, format); ++ ses.authstate.pw_name, ses.authstate.failcount, exitmsg); + } else { + /* before userauth */ +- snprintf(fmtbuf, sizeof(fmtbuf), +- "Exit before auth: %s", format); ++ snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg); + } + +- _dropbear_log(LOG_INFO, fmtbuf, param); ++ dropbear_log(LOG_INFO, "%s", fullmsg); + + #ifdef USE_VFORK + /* For uclinux only the main server process should cleanup - we don't want +-- +2.11.0 + only in patch2: unchanged: --- dropbear-2014.65.orig/debian/diff/005-Merge-fixes-from-PuTTY-import.c.diff +++ dropbear-2014.65/debian/diff/005-Merge-fixes-from-PuTTY-import.c.diff @@ -0,0 +1,151 @@ +From c81c9206f4c2367d4ed134e0688d39b836bb4167 Mon Sep 17 00:00:00 2001 +From: Guilhem Moulin <guilhem@guilhem.org> +Date: Sat, 28 Jan 2017 19:24:20 +0100 +Subject: [PATCH] Merge fixes from PuTTY import.c + +Cherry-picked from upstream changeset 1306:34e6127ef02e, ignoring space +vs. tab changes. https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e + +Fixes CVE-2016-7407. Quoting the 2016.74 release notes, + + Security: dropbearconvert import of OpenSSH keys could run arbitrary + code as the local dropbearconvert user when parsing malicious key + files +--- + keyimport.c | 56 +++++++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 43 insertions(+), 13 deletions(-) + +diff --git a/keyimport.c b/keyimport.c +index 66a7f55..f487e87 100644 +--- a/keyimport.c ++++ b/keyimport.c +@@ -60,6 +60,8 @@ static int openssh_write(const char *filename, sign_key *key, + static int dropbear_write(const char*filename, sign_key * key); + static sign_key *dropbear_read(const char* filename); + ++static int toint(unsigned u); ++ + #if 0 + static int sshcom_encrypted(const char *filename, char **comment); + static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase); +@@ -241,12 +243,11 @@ static int ber_read_id_len(void *source, int sourcelen, + if ((*p & 0x1F) == 0x1F) { + *id = 0; + while (*p & 0x80) { +- *id = (*id << 7) | (*p & 0x7F); + p++, sourcelen--; + if (sourcelen == 0) + return -1; ++ *id = (*id << 7) | (*p & 0x7F); + } +- *id = (*id << 7) | (*p & 0x7F); + p++, sourcelen--; + } else { + *id = *p & 0x1F; +@@ -257,14 +258,16 @@ static int ber_read_id_len(void *source, int sourcelen, + return -1; + + if (*p & 0x80) { ++ unsigned len; + int n = *p & 0x7F; + p++, sourcelen--; + if (sourcelen < n) + return -1; +- *length = 0; ++ len = 0; + while (n--) +- *length = (*length << 8) | (*p++); ++ len = (len << 8) | (*p++); + sourcelen -= n; ++ *length = toint(len); + } else { + *length = *p; + p++, sourcelen--; +@@ -584,7 +587,8 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase)) + /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */ + ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags); + p += ret; +- if (ret < 0 || id != 16) { ++ if (ret < 0 || id != 16 || len < 0 || ++ key->keyblob+key->keyblob_len-p < len) { + errmsg = "ASN.1 decoding failure - wrong password?"; + goto error; + } +@@ -619,7 +623,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase)) + ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, + &id, &len, &flags); + p += ret; +- if (ret < 0 || id != 2 || ++ if (ret < 0 || id != 2 || len < 0 || + key->keyblob+key->keyblob_len-p < len) { + errmsg = "ASN.1 decoding failure"; + goto error; +@@ -1408,11 +1412,12 @@ int sshcom_encrypted(const char *filename, char **comment) + pos = 8; + if (key->keyblob_len < pos+4) + goto done; /* key is far too short */ +- pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */ +- if (key->keyblob_len < pos+4) ++ len = toint(GET_32BIT(key->keyblob + pos)); ++ if (len < 0 || len > key->keyblob_len - pos - 4) + goto done; /* key is far too short */ +- len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */ +- if (key->keyblob_len < pos+4+len) ++ pos += 4 + len; /* skip key type */ ++ len = toint(GET_32BIT(key->keyblob + pos)); /* find cipher-type length */ ++ if (len < 0 || len > key->keyblob_len - pos - 4) + goto done; /* cipher type string is incomplete */ + if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4)) + answer = 1; +@@ -1602,8 +1607,8 @@ sign_key *sshcom_read(const char *filename, char *passphrase) + /* + * Strip away the containing string to get to the real meat. + */ +- len = GET_32BIT(ciphertext); +- if (len > cipherlen-4) { ++ len = toint(GET_32BIT(ciphertext)); ++ if (len < 0 || len > cipherlen-4) { + errmsg = "containing string was ill-formed"; + goto error; + } +@@ -1670,7 +1675,8 @@ sign_key *sshcom_read(const char *filename, char *passphrase) + publen = pos; + pos += put_mp(blob+pos, x.start, x.bytes); + privlen = pos - publen; +- } ++ } else ++ return NULL; + + dropbear_assert(privlen > 0); /* should have bombed by now if not */ + +@@ -1907,3 +1913,27 @@ int sshcom_write(const char *filename, sign_key *key, + return ret; + } + #endif /* ssh.com stuff disabled */ ++ ++/* From PuTTY misc.c */ ++static int toint(unsigned u) ++{ ++ /* ++ * Convert an unsigned to an int, without running into the ++ * undefined behaviour which happens by the strict C standard if ++ * the value overflows. You'd hope that sensible compilers would ++ * do the sensible thing in response to a cast, but actually I ++ * don't trust modern compilers not to do silly things like ++ * assuming that _obviously_ you wouldn't have caused an overflow ++ * and so they can elide an 'if (i < 0)' test immediately after ++ * the cast. ++ * ++ * Sensible compilers ought of course to optimise this entire ++ * function into 'just return the input value'! ++ */ ++ if (u <= (unsigned)INT_MAX) ++ return (int)u; ++ else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */ ++ return INT_MIN + (int)(u - (unsigned)INT_MIN); ++ else ++ return INT_MIN; /* fallback; should never occur on binary machines */ ++} +-- +2.11.0 + only in patch2: unchanged: --- dropbear-2014.65.orig/debian/diff/006-Improve-algorithm-list-parsing.diff +++ dropbear-2014.65/debian/diff/006-Improve-algorithm-list-parsing.diff @@ -0,0 +1,107 @@ +From a628d54c4f4481c02d7767e2e8767c9a71362ce1 Mon Sep 17 00:00:00 2001 +From: Guilhem Moulin <guilhem@guilhem.org> +Date: Sat, 28 Jan 2017 19:37:39 +0100 +Subject: [PATCH] Improve algorithm list parsing + +Cherry-picked from upstream changeset 1303:eed9376a4ad6 +https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 + +Fixes CVE-2016-7408. Quoting the the 2016.74 release notes, + + Security: dbclient could run arbitrary code as the local dbclient + user if particular -m or -c arguments are provided. This could be an + issue where dbclient is used in scripts. +--- + common-algo.c | 62 +++++++++++++++++++++++++++++------------------------------ + 1 file changed, 30 insertions(+), 32 deletions(-) + +diff --git a/common-algo.c b/common-algo.c +index e57f37c..e5aaaf1 100644 +--- a/common-algo.c ++++ b/common-algo.c +@@ -491,21 +491,6 @@ check_algo(const char* algo_name, algo_type *algos) + return NULL; + } + +-static void +-try_add_algo(const char *algo_name, algo_type *algos, +- const char *algo_desc, algo_type * new_algos, int *num_ret) +-{ +- algo_type *match_algo = check_algo(algo_name, algos); +- if (!match_algo) +- { +- dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc); +- return; +- } +- +- new_algos[*num_ret] = *match_algo; +- (*num_ret)++; +-} +- + /* Checks a user provided comma-separated algorithm list for available + * options. Any that are not acceptable are removed in-place. Returns the + * number of valid algorithms. */ +@@ -513,30 +498,43 @@ int + check_user_algos(const char* user_algo_list, algo_type * algos, + const char *algo_desc) + { +- algo_type new_algos[MAX_PROPOSED_ALGO]; +- /* this has two passes. first we sweep through the given list of +- * algorithms and mark them as usable=2 in the algo_type[] array... */ +- int num_ret = 0; ++ algo_type new_algos[MAX_PROPOSED_ALGO+1]; + char *work_list = m_strdup(user_algo_list); +- char *last_name = work_list; ++ char *start = work_list; + char *c; +- for (c = work_list; *c; c++) ++ int n; ++ /* So we can iterate and look for null terminator */ ++ memset(new_algos, 0x0, sizeof(new_algos)); ++ for (c = work_list, n = 0; ; c++) + { +- if (*c == ',') +- { ++ char oc = *c; ++ if (n >= MAX_PROPOSED_ALGO) { ++ dropbear_exit("Too many algorithms '%s'", user_algo_list); ++ } ++ if (*c == ',' || *c == '\0') { ++ algo_type *match_algo = NULL; + *c = '\0'; +- try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret); ++ match_algo = check_algo(start, algos); ++ if (match_algo) { ++ if (check_algo(start, new_algos)) { ++ TRACE(("Skip repeated algorithm '%s'", start)) ++ } else { ++ new_algos[n] = *match_algo; ++ n++; ++ } ++ } else { ++ dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc); ++ } + c++; +- last_name = c; ++ start = c; ++ } ++ if (oc == '\0') { ++ break; + } + } +- try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret); + m_free(work_list); +- +- new_algos[num_ret].name = NULL; +- +- /* Copy one more as a blank delimiter */ +- memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1)); +- return num_ret; ++ /* n+1 to include a null terminator */ ++ memcpy(algos, new_algos, sizeof(*new_algos) * (n+1)); ++ return n; + } + #endif /* ENABLE_USER_ALGO_LIST */ +-- +2.11.0 +Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 841724-done@bugs.debian.org, 842929-done@bugs.debian.org, 850003-done@bugs.debian.org, 850931-done@bugs.debian.org, 851105-done@bugs.debian.org, 851151-done@bugs.debian.org, 851262-done@bugs.debian.org, 851397-done@bugs.debian.org, 851527-done@bugs.debian.org, 851528-done@bugs.debian.org, 851678-done@bugs.debian.org, 852040-done@bugs.debian.org, 852361-done@bugs.debian.org, 852624-done@bugs.debian.org, 852998-done@bugs.debian.org, 853162-done@bugs.debian.org, 853233-done@bugs.debian.org, 853235-done@bugs.debian.org, 853965-done@bugs.debian.org, 854621-done@bugs.debian.org, 854811-done@bugs.debian.org, 854812-done@bugs.debian.org, 855345-done@bugs.debian.org, 856171-done@bugs.debian.org, 856174-done@bugs.debian.org, 856627-done@bugs.debian.org, 856665-done@bugs.debian.org, 856832-done@bugs.debian.org, 856872-done@bugs.debian.org, 857041-done@bugs.debian.org, 857434-done@bugs.debian.org, 857468-done@bugs.debian.org, 857920-done@bugs.debian.org, 858028-done@bugs.debian.org, 858130-done@bugs.debian.org, 858547-done@bugs.debian.org, 858642-done@bugs.debian.org, 858680-done@bugs.debian.org, 858996-done@bugs.debian.org, 859475-done@bugs.debian.org, 859801-done@bugs.debian.org, 859846-done@bugs.debian.org, 859906-done@bugs.debian.org, 860017-done@bugs.debian.org, 860276-done@bugs.debian.org, 860289-done@bugs.debian.org, 860414-done@bugs.debian.org, 860577-done@bugs.debian.org, 860718-done@bugs.debian.org, 860798-done@bugs.debian.org, 861056-done@bugs.debian.org, 861110-done@bugs.debian.org, 861129-done@bugs.debian.org, 861200-done@bugs.debian.org, 861294-done@bugs.debian.org, 861389-done@bugs.debian.org, 861391-done@bugs.debian.org, 861392-done@bugs.debian.org, 861395-done@bugs.debian.org, 861397-done@bugs.debian.org, 861489-done@bugs.debian.org
- Subject: Closing bugs for updates included in 8.8
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 06 May 2017 14:44:18 +0100
- Message-id: <1494078258.26551.13.camel@adam-barratt.org.uk>
Version: 8.8 Hi, Each of these bugs refers to an update that was included in today's jessie point release. Thanks! Regards, Adam
--- End Message ---