
Bug#856398: marked as done (xorg-server: CVE-2017-2624: Timing attack against MIT Cookie)



Your message dated Fri, 03 Mar 2017 15:03:56 +0000
with message-id <E1cjokO-000IYm-Ge@fasolo.debian.org>
and subject line Bug#856398: fixed in xorg-server 2:1.19.2-1
has caused the Debian Bug report #856398,
regarding xorg-server: CVE-2017-2624: Timing attack against MIT Cookie
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856398
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:1.16.4-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for xorg-server.

CVE-2017-2624[0]:
Timing attack against MIT Cookie

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2624
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2624

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.19.2-1

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856398@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 Mar 2017 15:41:15 +0100
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-common xorg-server-source xwayland xserver-xorg-legacy
Architecture: source
Version: 2:1.19.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
 xwayland   - Xwayland X server
Closes: 852584 856398
Changes:
 xorg-server (2:1.19.2-1) unstable; urgency=medium
 .
   [ Andreas Boll ]
   * xserver-xorg-core.bug.script: Change udevadm path from /sbin to /bin
     (Closes: #852584).
 .
   [ Emilio Pozuelo Monfort ]
   * New upstream stable release.
     - CVE-2017-2624: Timing attack against MIT cookie. Closes: #856398.
   * control: Build-depend on libbsd-dev everywhere, needed for
     arc4random_buf for the above fix.


--- End Message ---
