
Bug#856399: marked as done (libxdmcp: CVE-2017-2625: Weak entropy usage for session keys in libxdm)



Your message dated Tue, 28 Feb 2017 22:04:48 +0000
with message-id <E1cipt2-0009Bt-5v@fasolo.debian.org>
and subject line Bug#856399: fixed in libxdmcp 1:1.1.2-2
has caused the Debian Bug report #856399,
regarding libxdmcp: CVE-2017-2625: Weak entropy usage for session keys in libxdm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856399
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libxdmcp
Version: 1:1.1.1-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for libxdmcp.

CVE-2017-2625[0]:
Weak entropy usage for session keys in libxdm

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2625
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2625

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxdmcp
Source-Version: 1:1.1.2-2

We believe that the bug you reported is fixed in the latest version of
libxdmcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856399@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxdmcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Feb 2017 22:47:22 +0100
Source: libxdmcp
Binary: libxdmcp6 libxdmcp6-udeb libxdmcp6-dbg libxdmcp-dev
Architecture: source
Version: 1:1.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libxdmcp-dev - X11 authorisation library (development headers)
 libxdmcp6  - X11 Display Manager Control Protocol library
 libxdmcp6-dbg - X11 authorisation library (debug package)
 libxdmcp6-udeb - X11 Display Manager Control Protocol library (udeb)
Closes: 856399
Changes:
 libxdmcp (1:1.1.2-2) unstable; urgency=medium
 .
   * CVE-2017-2625: Build-depend on libbsd-dev for arc4random_buf.
     Closes: #856399.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
