Your message dated Thu, 04 Sep 2014 10:34:22 +0000
with message-id <e1xpumw-0004tn...@franck.debian.org>
and subject line Bug#760443: fixed in procmail 3.22-22
has caused the Debian Bug report #760443,
regarding procmail: CVE-2014-3618: Heap-overflow in formail when processing
specially-crafted email headers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
760443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760443
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: procmail
Version: 3.22-19
Severity: grave
Tags: security patch upstream

Hi,

the following vulnerability was published for procmail.

CVE-2014-3618[0]:
Heap-overflow in procmail's formail utility when processing specially-crafted
email headers

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3618
[1] http://www.openwall.com/lists/oss-security/2014/09/03/8

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: procmail
Source-Version: 3.22-22

We believe that the bug you reported is fixed in the latest version of
procmail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 760...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanv...@debian.org> (supplier of updated procmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 04 Sep 2014 12:08:36 +0200
Source: procmail
Binary: procmail
Architecture: source amd64
Version: 3.22-22
Distribution: unstable
Urgency: high
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
procmail - Versatile e-mail processor
Closes: 704675 760443
Changes:
procmail (3.22-22) unstable; urgency=high
.
* Fixed heap overflow in formail that made it crash on messages
having specially-crafted headers. Closes: #704675, #760443.
For reference, this is CVE-2014-3618.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---