[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#213253: marked as done (cipe-source: no replay protection in the KX)

Your message dated Sat, 04 Aug 2007 18:12:30 +0200
with message-id <87zm17xor5.fsf@slavuj.carpriv.carnet.hr>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: cipe-source
Version: all 
Severity: critical
Justification: remote security hole

CIPE has many, many serious problems that require a complete overhaul
of the protocol to fix.

As it stands right now, anyone building VPNs using CIPE and trusting it
to insure encryption and integrity protection is putting themselves in
serious jeopardy.

Please check http://www.mit.edu:8008/bloom-picayune/crypto/14238 for the
gruesome facts.

This package should be removed from Debian until upstream overhauls the
protocol to something that actually works...

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux khazad-dum 2.4.22-rc2-ac3 #1 Qui Ago 21 09:41:12 BRT 2003 i686
Locale: LANG=pt_BR, LC_CTYPE=pt_BR

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

--- End Message ---
--- Begin Message ---
cipe has been removed from Debian.  For details, please see

--- End Message ---

Reply to: