Your message dated Tue, 22 Mar 2005 09:35:47 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#298173: sylpheed: [security] buffer overflow (=< 1.0.2),
now 1.0.3 is released
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Mar 2005 11:18:32 +0000
>From [EMAIL PROTECTED] Sat Mar 05 03:18:31 2005
Return-path: <[EMAIL PROTECTED]>
Received: from c201166.ppp.asahi-net.or.jp (grapefruit) [210.155.201.166]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D7XIl-0007xD-00; Sat, 05 Mar 2005 03:18:31 -0800
Received: by grapefruit (Postfix, from userid 1000)
id 5733A445A; Sat, 5 Mar 2005 20:24:05 +0900 (JST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Hideki Yamane <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: sylpheed: [security] buffer overflow (=< 1.0.2), now 1.0.3 is released
Tag: security, woody, sarge, sid
X-Mailer: reportbug 3.8
Date: Sat, 05 Mar 2005 20:24:04 +0900
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: sylpheed
Severity: critical
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear sylpeed maintainer,
A buffer overflow bug was found and fixed at 1.0.3.
This problem exists in almost all of the older version, so it affects
woody, sarge and sid. Please update sylpheed package.
See http://sylpheed.good-day.net/index.cgi.en and check its detail.
- --
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCKZbUIu0hy8THJksRAlqQAJ40zoYIwFu454/mVdiw25RKTHDG5wCcDXK5
VGs/7WPl3JXpB1Quzx8e4YI=
=yHMo
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 298173-done) by bugs.debian.org; 22 Mar 2005 14:35:58 +0000
>From [EMAIL PROTECTED] Tue Mar 22 06:35:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ms-smtp-02.nyroc.rr.com [24.24.2.56]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DDkUA-00064n-00; Tue, 22 Mar 2005 06:35:58 -0800
Received: from localhost (cpe-24-59-54-124.twcny.res.rr.com [24.59.54.124])
by ms-smtp-02.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id
j2MEZnJj004911;
Tue, 22 Mar 2005 09:35:50 -0500 (EST)
Received: from pryzbyj by localhost with local (Exim 3.36 #1 (Debian))
id 1DDkU0-0001J1-00; Tue, 22 Mar 2005 09:35:48 -0500
Date: Tue, 22 Mar 2005 09:35:47 -0500
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: Ricardo Mones <[EMAIL PROTECTED]>, Hiroyuki Yamamoto <[EMAIL PROTECTED]>,
Hideki Yamane <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#298173: sylpheed: [security] buffer overflow (=< 1.0.2), now
1.0.3 is released
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL
PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
From: Justin Pryzby <[EMAIL PROTECTED]>
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
On Tue, Mar 22, 2005 at 11:13:32PM +0900, Hideki Yamane wrote:
> Hi Ricardo,
>
> "Sun, 6 Mar 2005 13:35:15 +0100", "Ricardo Mones"
> "Re: Bug#298173: sylpheed: [security] buffer overflow (=< 1.0.2), now 1.0.3
> is released"
> > There was no security bug at the time I made the packages (see their
> >dates), that's the reason there are no references to this bug there.
>
> Ah, OK. But if you would note about security fix in changelog
> when you notice it, we can track it more easier, I think.
>
> >> * Is fixed version in woody available?
> >
> > No, still not, sorry. That will take some time I currently lack, so
> >patches are fully welcome :)
>
> I've contacted to upstream author Hiroyuki Yamamoto, he checked it
> carefully and it found that vulnerability exists after 0.8.0, so
> there is no security bug in woody's version.
Great! This message is closing the bug, since the package should also
move to testing today.
To the security team: I guess this is a candidate for woody's nonvulns
list, correct?
Justin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
