
Bug#962517: marked as done (CVE-2020-10759)



Your message dated Thu, 09 Jul 2020 18:47:31 +0000
with message-id <E1jtbZz-000DYP-U3@fasolo.debian.org>
and subject line Bug#962517: fixed in fwupd 0.8.3-1
has caused the Debian Bug report #962517,
regarding CVE-2020-10759
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
962517: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962517
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: fwupd
Severity: grave
Tags: security

https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: fwupd
Source-Version: 0.8.3-1
Done: Mario Limonciello <mario.limonciello@dell.com>

We believe that the bug you reported is fixed in the latest version of
fwupd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962517@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mario Limonciello <mario.limonciello@dell.com> (supplier of updated fwupd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Jul 2020 23:15:59 -0500
Source: fwupd
Binary: libfwupd1 libdfu1 fwupd fwupd-doc libfwupd-dev gir1.2-fwupd-1.0 libdfu-dev
Architecture: source
Version: 0.8.3-1
Distribution: oldstable
Urgency: medium
Maintainer: Debian EFI <debian-efi@lists.debian.org>
Changed-By: Mario Limonciello <mario.limonciello@dell.com>
Description:
 fwupd      - Firmware update daemon
 fwupd-doc  - Firmware update daemon documentation (HTML format)
 gir1.2-fwupd-1.0 - GObject introspection data for libfwupd
 libdfu-dev - development files for libdfu
 libdfu1    - Firmware update daemon library for DFU support
 libfwupd-dev - development files for libfwupd
 libfwupd1  - Firmware update daemon library
Closes: 961490 962517
Changes:
 fwupd (0.8.3-1) oldstable; urgency=medium
 .
   * Update to 0.8.3 point release
     - Upstream no longer supports the 0.7.x series
   * Drop existing patches all merged into 0.8.3 release.
   * Drop no longer used libebitdo1 and libebitdo-dev packages
   * Refresh symbols
   * Backport series of commits to allow better longevity on 0.8.x
     - Use a CNAME to redirect to the correct CDN for metadata (Closes: #961490)
     - Do not abort startup if the XML metadata file is invalid
     - Add the Linux Foundation public GPG keys for firmware and metadata
     - Raise the metadata limit to 10Mb
     - Validate that gpgme_op_verify_result() returned at least one signature
       (Closes: #962517)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
