Bug#856400: marked as done (libice: CVE-2017-2626: Weak Entropy Usage in Session Keys in libICE)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 28 Feb 2017 22:04:22 +0000
with message-id <E1cipsc-00099J-LR@fasolo.debian.org>
and subject line Bug#856400: fixed in libice 2:1.0.9-2
has caused the Debian Bug report #856400,
regarding libice: CVE-2017-2626: Weak Entropy Usage in Session Keys in libICE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856400
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libice: CVE-2017-2626: Weak Entropy Usage in Session Keys in libICE
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 28 Feb 2017 16:51:56 +0100
• Message-id: <[🔎] 148829711674.17589.16539855076659127127.reportbug@eldamar.local>

Source: libice
Version: 2:1.0.9-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for libice.

CVE-2017-2626[0]:
Weak Entropy Usage in Session Keys in libICE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2626

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 856400-close@bugs.debian.org
• Subject: Bug#856400: fixed in libice 2:1.0.9-2
• From: Emilio Pozuelo Monfort <pochu@debian.org>
• Date: Tue, 28 Feb 2017 22:04:22 +0000
• Message-id: <E1cipsc-00099J-LR@fasolo.debian.org>

Source: libice
Source-Version: 2:1.0.9-2

We believe that the bug you reported is fixed in the latest version of
libice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856400@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Feb 2017 22:46:39 +0100
Source: libice
Binary: libice6 libice6-dbg libice-dev libice-doc
Architecture: source
Version: 2:1.0.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libice-dev - X11 Inter-Client Exchange library (development headers)
 libice-doc - documentation for the X11 ICE protocol and library
 libice6    - X11 Inter-Client Exchange library
 libice6-dbg - X11 Inter-Client Exchange library (debug package)
Closes: 856400
Changes:
 libice (2:1.0.9-2) unstable; urgency=medium
 .
   [ Julien Cristau ]
   * CVE-2017-2626: Use libbsd for arc4random. Closes: #856400.
   * Bump Standards-Version to 3.9.6, update Vcs-* control fields.
 .
   [ Emilio Pozuelo Monfort ]
   * Remove Drew from Uploaders.
Checksums-Sha1:
 cc3d11c30a038d987e6e1c49981574f8c13af189 2130 libice_1.0.9-2.dsc
 f16102adcfbc11bb78da4aff7a9cb28009828c9f 455871 libice_1.0.9.orig.tar.gz
 a3c67003d9d0d991e3885fa412066913ab1636d3 6384 libice_1.0.9-2.diff.gz
 18a7d7d5e9ee8148dc835f631f0837ffaed33927 4790 libice_1.0.9-2_source.buildinfo
Checksums-Sha256:
 116595cd54be23edad0b55e1cd4bc1929f277fa5c2d00d8f187b0bc5dd39ad6c 2130 libice_1.0.9-2.dsc
 7812a824a66dd654c830d21982749b3b563d9c2dfe0b88b203cefc14a891edc0 455871 libice_1.0.9.orig.tar.gz
 777f13e08aada3103c32a0b93a26782ca959027bcd98c2c1ddaade8f944fa40a 6384 libice_1.0.9-2.diff.gz
 0eb91177b9c49f239758fdbc0e9d41edfe73830453214d68ff7255a9aa28a9b1 4790 libice_1.0.9-2_source.buildinfo
Files:
 326f431028990778f116066bb958f42c 2130 x11 optional libice_1.0.9-2.dsc
 95812d61df8139c7cacc1325a26d5e37 455871 x11 optional libice_1.0.9.orig.tar.gz
 73e6d895842a7cef3126711f1fd21475 6384 x11 optional libice_1.0.9-2.diff.gz
 201a6f8fab6924473835908d852c0f16 4790 x11 optional libice_1.0.9-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAli17+MACgkQnUbEiOQ2
gwJ2mhAAs52GDS/7ICMeZQ8TowW6EmeYKqA79bliNt0ic1tbDKc8pDreBMcrVe1A
By3EBhcjdyNrArihGgbjYP7BWguCr737QtdbQhaOAuWt/OhT0TNjvcrqO9dgq8if
/XtWj+c0AuuEGbTrZDUMMM0wpLazN8cYKzKuPrly2WpCKXBTsY3EipQ1NjneEdln
BY5bzCq6EIlksK9K0/K2ECVDqhExMsWrX7E0TTVKzby7gUzobkLqrpb1IDWu2Otm
cxs8AFVyh/8oVqRx/Swc9dxBBqOdQvxho3IdGBkmw6pxzjeyyQ6m507ZykdP4Ksi
MOm0vQ0OGSKR+jl4HPMtqQDqHVsDR2QB5sjK4L239mIrVvEE6KhISOplOkI/W5Ol
/BChI4zBrsNgDevhQh4JzJvjvr3jvFBLdWCieMcVyN+GyMx6KTv0tgcNzOu+QuRb
iKt74XuzFQaTFQ3kdKfM9Ou7tzNWDuTzHteGJtPsCyTMWtr/dRTT0bCUTH3oxQX7
zISYxAnw/lvOVKkpmzxsCUFNIX9UUl2bu5x07/b2qoWdjaQfJOmCKzZ3aXH5ob35
j7+WOml4lQN370cWJo5Y0fYtKFBCZNbaM3tozF/PTjE0LX+QUQSDfS8oCiZoFWfg
BljdLzjfbptXqgPQQvTjcvN44wlwuE2428td9xkrZopMM+srHBw=
=au/Z
-----END PGP SIGNATURE-----

--- End Message ---