Your message dated Sat, 10 Feb 2024 13:02:54 +0000 with message-id <E1rYn0Q-002xoP-Qm@coccia.debian.org> and subject line Released with 11.9 has caused the Debian Bug report #1025789, regarding bullseye-pu: wolfssl/4.6.0+p1-0+deb11u2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1025789: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025789
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: wolfssl/4.6.0+p1-0+deb11u1_4.6.0+p1-0+deb11u2.debdiff
- From: Felix Lechner <felix.lechner@lease-up.com>
- Date: Thu, 8 Dec 2022 20:07:09 -0800
- Message-id: <CAFHYt5700sEXvdtnSV93_V-+UcqH16MH5PHsOAorTWF6PaGp6A@mail.gmail.com>
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-CC: sirkilamole@msn.com

Hi,

The wolfssl upstream released three patches for the version in Debian stable specifically in order to address the following three vulnerabilities present in bullseye:

- CVE-2022-42961, scored by NVD as "5.3 medium" [1]
- CVE-2022-39173, scored by NVD as "7.5 high" [2]
- CVE-2022-42905, scored by NVD as "9.1 critical" [3]

All three vulnerabilities are being tracked by DSA. [4] They were already fixed in unstable. There is no separate bug for the stable package.

Given the increased popularity of the package [5] and the severity of the vulnerabilities, it seemed prudent to offer users of Debian stable an update.

This bug was filed with a view toward the upcoming point release 11.6 for bullseye, which is scheduled for December 17. The freeze starts this weekend.

The proposed upload has not seen a lot of testing. Following devref 5.5.1 [7] a source debdiff was attached.

Please let me know if the version number is right and if you need any more information, or whether I may upload the package. Thanks!

Kind regards,
Felix Lechner

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-42961
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-39173
[3] https://nvd.nist.gov/vuln/detail/CVE-2022-42905
[4] https://security-tracker.debian.org/tracker/source-package/wolfssl
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023697#28
[6] https://lists.debian.org/debian-release/2022/11/msg00251.html
[7] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Attachment: wolfssl_4.6.0+p1-0+deb11u1.dsc_wolfssl_4.6.0+p1-0+deb11u2.dsc.debdiff.xz
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 1025789-done@bugs.debian.org
- Subject: Released with 11.9
- From: Jonathan Wiltshire <jmw@coccia.debian.org>
- Date: Sat, 10 Feb 2024 13:02:54 +0000
- Message-id: <E1rYn0Q-002xoP-Qm@coccia.debian.org>
Version: 11.9

The upload requested in this bug has been released as part of 11.9.
--- End Message ---