Your message dated Thu, 29 Sep 2005 06:32:14 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#329667: fixed in mozilla-thunderbird 1.0.6-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Thu, 22 Sep 2005 16:53:02 +0200
From: Sebastian Ley <[EMAIL PROTECTED]>
Subject: shell command execution
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: reportbug 3.17
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: mozilla-thunderbird
Severity: grave
Tags: security

Secunia reports in http://secunia.com/advisories/16901/ that thunderbird
can be exploited to execute arbitrary shell commands in the context of
the user running thunderbird.

This bug has been assigned CAN-2005-2968.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)


---------------------------------------
From: Alexander Sack <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#329667: fixed in mozilla-thunderbird 1.0.6-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 29 Sep 2005 06:32:14 -0700

Source: mozilla-thunderbird
Source-Version: 1.0.6-4

We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:

mozilla-thunderbird-dev_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-4_i386.deb
mozilla-thunderbird-inspector_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-4_i386.deb
mozilla-thunderbird-offline_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-4_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-4_i386.deb
mozilla-thunderbird_1.0.6-4.diff.gz
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4.diff.gz
mozilla-thunderbird_1.0.6-4.dsc
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4.dsc
mozilla-thunderbird_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <[EMAIL PROTECTED]> (supplier of updated mozilla-thunderbird package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 23 Sep 2005 17:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.6-4
Distribution: unstable
Urgency: high
Maintainer: Alexander Sack <[EMAIL PROTECTED]>
Changed-By: Alexander Sack <[EMAIL PROTECTED]>
Description: 
 mozilla-thunderbird - Mozilla Thunderbird standalone mail client
 mozilla-thunderbird-dev - mozilla thunderbird development files
 mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
 mozilla-thunderbird-offline - mozilla thunderbird offline extension
 mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 292475 325536 329664 329667 330168
Changes: 
 mozilla-thunderbird (1.0.6-4) unstable; urgency=high
 .
   * now using bash to overcome possible security flaws of
     our thunderbird start script (mozilla-thunderbird). Patch
     by Florian Weimer <[EMAIL PROTECTED]>
     debian/mfsa_2005-59.debian.patch (Closes: 329664, 329667)
   * added patch 50_ftbfs_alpha+arm+ia64_325536_fix.dpatch
     to build on alpha, arm, and ia64 that now uses
     __attribute__((used)) instead of ((unused)) by
     Steve Langasek <[EMAIL PROTECTED]>
     (Closes: 325536)
   * fix debsums error reported by Y Giridhar Appaji Nag
     <[EMAIL PROTECTED]>. Now removing files in postrm.
     Further moved /usr/lib/mozilla-thunderbird/chrome/chrome.rdf
     to the /var/... adding a link to the new location.
     (Closes: 292475)
   * added depends for system libs: mng, png, jpeg to not build with
     unmaintained image included libs.
   * modified 21_mozilla_in-patch.dpatch to recognize -mail as a -compose
     alias. This makes thunderbird work well with current gnome default
     mailto: command for thunderbird. Thanks to Sam Morris <[EMAIL PROTECTED]>
     for the workaround patch (Closes: 330168)
   * still work left: fix window.open(); overlay problem.
     added rejar-chrome.sh <jarbasename> util script below debian. It
     rejars .jar files by extracting paths given in
     <jarbasename>_jar_includes.csv from the <jarbasename>.jar zip file
     and zipping only those files to a new jar file again. Anyway, still
     broken, thus disabled for this build.
     (See: 306522)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDO+njv8pLOKgkuT8RAsYuAKCvLzhCHfNFjEtXMBEkio5TGAYwlACgnsJL
d3Ldn9GIDeLCt45S16hP7fs=
=Xxg0
-----END PGP SIGNATURE-----

