Your message dated Thu, 05 Dec 2013 13:08:24 +0100
with message-id <1386245304.16687.55848373.1429b...@webmail.messagingengine.com>
and subject line Re: Bug#726576: ruby-actionmailer-3.2: Possible DoS
Vulnerability in Action Mailer (CVE-2013-4389)
has caused the Debian Bug report #726576,
regarding ruby-actionmailer-3.2: Possible DoS Vulnerability in Action Mailer
(CVE-2013-4389)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
726576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726576
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-actionmailer-3.2
Severity: grave
Tags: security
Justification: user security hole
Hi,
a vulnerability was reported against actionmailer, see
http://marc.info/?l=oss-security&m=138194461411192&w=2 for more info.
It's unclear from that mail if it's really only a DoS, since “format
string” might be worse than that, so it's not clear if it'll need a DSA
or not.
Regards,
--
Yves-Alexis Perez
Debian Security
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.10-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 3.2.16-1
Fixed in recent upload to unstable. stable fixes are in the security
team queue and should be released soon.
Ondrej
--
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
--- End Message ---
