Your message dated Mon, 25 Jun 2012 10:48:51 +0000
with message-id <e1sj6qh-0002x1...@franck.debian.org>
and subject line Bug#659392: fixed in imp4 4.3.10+debian0-1.1
has caused the Debian Bug report #659392,
regarding CVE-2011-0791 / CVE-2012-0909
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
659392: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659392
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imp4
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0791
I don't really understand the Horde/Kolab Webmail structure, so
imp4 might not be the actual affected package, please assign
as needed and keep us posted.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: imp4
Source-Version: 4.3.10+debian0-1.1
We believe that the bug you reported is fixed in the latest version of
imp4, which is due to be installed in the Debian FTP archive:
imp4_4.3.10+debian0-1.1.diff.gz
to main/i/imp4/imp4_4.3.10+debian0-1.1.diff.gz
imp4_4.3.10+debian0-1.1.dsc
to main/i/imp4/imp4_4.3.10+debian0-1.1.dsc
imp4_4.3.10+debian0-1.1_all.deb
to main/i/imp4/imp4_4.3.10+debian0-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 659...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated imp4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 23 Jun 2012 12:32:31 +0200
Source: imp4
Binary: imp4
Architecture: source all
Version: 4.3.10+debian0-1.1
Distribution: unstable
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hack...@lists.alioth.debian.org>
Changed-By: Luk Claes <l...@debian.org>
Description:
imp4 - webmail component for horde framework
Closes: 659392
Changes:
imp4 (4.3.10+debian0-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix XSS (CVE-2012-0791, Closes: #659392)
Checksums-Sha1:
6ddb48131ffa70f9ea274a96ff7cf04eca9062ab 1358 imp4_4.3.10+debian0-1.1.dsc
75ea3610e108cf2c49ff1a21b88d5d7244b2b6d0 16300 imp4_4.3.10+debian0-1.1.diff.gz
2cd7a6a006650521644c4eb9e27b9e68dca1c44f 5447454
imp4_4.3.10+debian0-1.1_all.deb
Checksums-Sha256:
82f847432c355fc192b0fdd1c106efddd9a830778f169f90ff94cdb2a3d4a8ab 1358
imp4_4.3.10+debian0-1.1.dsc
86e424a459a43aae8e53a33ea7143f57c02ac96d08e008199c92f2057aa3315f 16300
imp4_4.3.10+debian0-1.1.diff.gz
b890bcc02dcf6fcc1f53721b23f8f4010aa225b1331f2868eb23c3a23636a784 5447454
imp4_4.3.10+debian0-1.1_all.deb
Files:
cea60876de0877798b9a650f363620b4 1358 web optional imp4_4.3.10+debian0-1.1.dsc
5efa5628e8e0c02b4d4bdee8faac5dc7 16300 web optional
imp4_4.3.10+debian0-1.1.diff.gz
1cba30da1bff9014e4dfd6d79dd39e50 5447454 web optional
imp4_4.3.10+debian0-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/lm9kACgkQ5UTeB5t8Mo1OrQCgnkmNvKVCm1CRNTwXct4XIxuw
03QAn2AyZUZmoJWUc2mDy/GIORDOnG2h
=QKRS
-----END PGP SIGNATURE-----
--- End Message ---
