Your message dated Sun, 22 May 2005 18:15:58 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug fixed in 0.6.1-3 upload
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 19 May 2005 10:35:30 +0000
>From [EMAIL PROTECTED] Thu May 19 03:35:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 81-202-91-238.user.ono.com (nubol.int.oskuro.net)
[81.202.91.238]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DYiNG-0002gu-00; Thu, 19 May 2005 03:35:30 -0700
Received: by nubol.int.oskuro.net (Postfix, from userid 1000)
id 3B5C270A746; Thu, 19 May 2005 12:34:59 +0200 (CEST)
Date: Thu, 19 May 2005 12:34:59 +0200
From: Jordi Mallach <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: [SECURITY] multiple vulnerabilities
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+"
Content-Disposition: inline
X-Reportbug-Version: 3.12
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: mailutils
Version: 1:0.6.1-2
Severity: grave
Tags: security, sarge, sid, pending, patch
The new mailutils upstream version fixes 4 vulnerabilities found by
iDEFENSE (IDEF0954, IDEF0955, IDEF0956, IDEF0957).
I have backported a patch to 0.6.1, but have encountered a FTBFS in the
testsuite run. I'm trying to find out with upstream what causes this,
but expect an upload soon.
Attached is the current patch, including the testsuite additions that
are failing.
I have not checked if stable is affected yet. I will try to work on that
this evening.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=3DUTF=
-8)
Versions of packages mailutils depends on:
ii guile-1.6-libs 1.6.7-1 Main Guile libraries
ii libc6 2.3.2.ds1-22 GNU C Library: Shared librarie=
s an
ii libcomerr2 1.37+1.38-WIP-0509-1 common error description libra=
ry
ii libgcrypt11 1.2.0-11 LGPL Crypto library - runtime =
libr
ii libgdbm3 1.8.3-2 GNU dbm database routines (run=
time
ii libgnutls11 1.0.16-13 GNU TLS library - runtime libr=
ary
ii libgpg-error0 1.0-1 library for common error value=
s an
ii libgsasl7 0.2.5-1 GNU SASL library
ii libguile-ltdl-1 1.6.7-1 Guile's patched version of lib=
tool
ii libidn11 0.5.13-1.0 GNU libidn library, implementa=
tion
ii libkrb53 1.3.6-3 MIT Kerberos runtime libraries
ii libmailutils0 1:0.6.1-2 GNU Mail abstraction library
ii libmysqlclient12 4.0.24-9 mysql database client library
ii libncurses5 5.4-4 Shared libraries for terminal =
hand
ii libpam0g 0.76-22 Pluggable Authentication Modul=
es l
ii libqthreads-12 1.6.7-1 QuickThreads library for Guile
ii libreadline5 5.0-10 GNU readline and history libra=
ries
ii libtasn1-2 0.2.10-4 Manage ASN.1 structures (runti=
me)
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
--=20
Jordi Mallach P=E9rez -- Debian developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/
--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCjGvSJYSUupF6Il4RAl2yAKDMxUvRCjalEw5svoZ6zHr74IKWDACgmY6Z
YGdYPhoPA28+iOZl7rWRVmY=
=vGCY
-----END PGP SIGNATURE-----
--mYCpIKhGyMATD0i+--
---------------------------------------
Received: (at 309751-done) by bugs.debian.org; 22 May 2005 16:16:45 +0000
>From [EMAIL PROTECTED] Sun May 22 09:16:45 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 81-202-91-238.user.ono.com (nubol.int.oskuro.net)
[81.202.91.238]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DZt89-0005fV-00; Sun, 22 May 2005 09:16:45 -0700
Received: by nubol.int.oskuro.net (Postfix, from userid 1000)
id EAFCB70A746; Sun, 22 May 2005 18:15:58 +0200 (CEST)
Date: Sun, 22 May 2005 18:15:58 +0200
From: Jordi Mallach <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug fixed in 0.6.1-3 upload
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This bug was fixed in today's upload of mailutils. Changelog is as
follows:
mailutils (1:0.6.1-3) unstable; urgency=3DHIGH
* "Hey, I did finish that triathlon" release.
* [SECURITY] debian/patches/04_IDEF0954_IDEF0955_IDEF0956_IDEF0957.patch:
backport fixes to vulnerabilities discovered by iDEFENSE with
IDs IDEF0954, IDEF0955, IDEF0956 and IDEF0957 (closes: #309751).
Thanks to Sergey Poznyakoff.
* debian/changelog: insert missing changelog entry for 20011103-1.1.
-- Jordi Mallach <[EMAIL PROTECTED]> Sun, 22 May 2005 17:13:58 +0200
--=20
Jordi Mallach P=E9rez -- Debian developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
