More Web Proxy on the site http://driver.im/

Debian Bug report logs - #1064551
bookworm-pu: libjwt/1.10.2-1+deb12u1

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Thorsten Alteholz <debian@alteholz.de>

Date: Sat, 24 Feb 2024 01:33:04 UTC

Severity: normal

Tags: bookworm

Fixed in version 12.6

Done: Jonathan Wiltshire <jmw@coccia.debian.org>

Bug is archived. No further changes may be made.

Display info messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#1064551; Package release.debian.org. (Sat, 24 Feb 2024 01:33:06 GMT) (full text, mbox, link).

Acknowledgement sent to Thorsten Alteholz <debian@alteholz.de>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Feb 2024 01:33:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu


The attached debdiff for libjwt fixes CVE-2024-25189 in Bookworm. It is 
marked as no-dsa by the security team.
The fix is straightfoward and should not make any problems.

  Thorsten

[libjwt_1.10.2-1+deb12u1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#1064551; Package release.debian.org. (Sun, 25 Feb 2024 13:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 25 Feb 2024 13:57:03 GMT) (full text, mbox, link).

Message #10 received at 1064551@bugs.debian.org (full text, mbox, reply):

Control: tag -1 confirmed

On Sat, Feb 24, 2024 at 12:50:51AM +0000, Thorsten Alteholz wrote:
> The attached debdiff for libjwt fixes
> CVE-2024-25189 in Bookworm. It is marked as
> no-dsa by the security team.
> The fix is straightfoward and should not make any problems.

It seems quite a lot of effort for something even the author thinks is
infeasible in the real world, but OK. Please go ahead.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Added tag(s) confirmed. Request was from Jonathan Wiltshire <jmw@debian.org> to 1064551-submit@bugs.debian.org. (Sun, 25 Feb 2024 13:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to Thorsten Alteholz <debian@alteholz.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 03 Mar 2024 00:33:02 GMT) (full text, mbox, link).

Message #17 received at 1064551@bugs.debian.org (full text, mbox, reply):


On Sun, 25 Feb 2024, Jonathan Wiltshire wrote:
> Please go ahead.

great, thanks ...

... and uploaded.


 Thorsten

Changed Bug title to 'bookworm-pu: libjwt/1.10.2-1+deb12u1' from 'bookworm-pu: libjwt/1.10.2-1+deb11u1'. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Sun, 03 Mar 2024 11:57:03 GMT) (full text, mbox, link).

Message #24 received at 1064551@bugs.debian.org (full text, mbox, reply):

package release.debian.org
tags 1064551 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: libjwt
Version: 1.10.2-1+deb12u1

Explanation: fix timing side channel attack [CVE-2024-25189]

Added tag(s) pending; removed tag(s) confirmed. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Sun, 03 Mar 2024 12:12:36 GMT) (full text, mbox, link).

Message sent on to Thorsten Alteholz <debian@alteholz.de>:
Bug#1064551. (Sun, 03 Mar 2024 12:12:39 GMT) (full text, mbox, link).

Reply sent to Jonathan Wiltshire <jmw@coccia.debian.org>:
You have taken responsibility. (Sat, 29 Jun 2024 10:52:35 GMT) (full text, mbox, link).

Notification sent to Thorsten Alteholz <debian@alteholz.de>:
Bug acknowledged by developer. (Sat, 29 Jun 2024 10:52:35 GMT) (full text, mbox, link).

Message #34 received at 1064551-done@bugs.debian.org (full text, mbox, reply):

Version: 12.6

The upload requested in this bug has been released as part of 12.6.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Jul 2024 07:38:22 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Dec 12 03:28:19 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #1064551 bookworm-pu: libjwt/1.10.2-1+deb12u1

Debian Bug report logs - #1064551
bookworm-pu: libjwt/1.10.2-1+deb12u1