Your message dated Sat, 12 Jan 2008 18:10:10 +0100
with message-id <20080112171008.GA17754@volta.aurel32.net>
and subject line FreeBSD: CVE-2007-6150 programming error in random number generator
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: FreeBSD: CVE-2007-6150 programming error in random number generator
- From: Nico Golde <nion@debian.org>
- Date: Sun, 2 Dec 2007 15:18:59 +0100
- Message-id: <20071202141859.GA15403@ngolde.de>
Package: kfreebsd-5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-5.

CVE-2007-6150[0]:
| The "internal state tracking" code for the random and urandom devices
| in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to
| obtain portions of previously-accessed random values, which could be
| leveraged to bypass protection mechanisms that rely on secrecy of
| those values.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

A patch for this can be found on:
http://security.freebsd.org/patches/SA-07:09/random.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpX50mUyQeIg.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Nico Golde <nion@debian.org>
- Cc: 453944-done@bugs.debian.org
- Subject: Re: FreeBSD: CVE-2007-6150 programming error in random number generator
- From: Aurelien Jarno <aurelien@aurel32.net>
- Date: Sat, 12 Jan 2008 18:10:10 +0100
- Message-id: <20080112171008.GA17754@volta.aurel32.net>
- In-reply-to: <20071202141859.GA15403@ngolde.de>
- References: <20071202141859.GA15403@ngolde.de>
On Sun, Dec 02, 2007 at 03:18:59PM +0100, Nico Golde wrote:
> Package: kfreebsd-5
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for kfreebsd-5.
>
> CVE-2007-6150[0]:
> | The "internal state tracking" code for the random and urandom devices
> | in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to
> | obtain portions of previously-accessed random values, which could be
> | leveraged to bypass protection mechanisms that rely on secrecy of
> | those values.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> A patch for this can be found on:
> http://security.freebsd.org/patches/SA-07:09/random.patch
>
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150
>

kfreebsd-5 has been removed from the archive, and replaced by kfreebsd-6
and kfreebsd-7. Both of them have this vulnerability fixed.

Closing the bug

-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
--- End Message ---