Your message dated Sat, 20 Dec 2014 06:51:58 +0000
with message-id <e1y2dto-0002zn...@franck.debian.org>
and subject line Bug#773417: fixed in heirloom-mailx 12.5-3.1
has caused the Debian Bug report #773417,
regarding heirloom-mailx: CVE-2004-2771 CVE-2014-7844
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
773417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: heirloom-mailx
Version: 12.4-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 12.5-2+deb7u1
Hi,
the following vulnerabilities were published for heirloom-mailx.
* CVE-2004-2771[0]
* CVE-2014-7844[1]
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2004-2771
[1] https://security-tracker.debian.org/tracker/CVE-2014-7844
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: heirloom-mailx
Source-Version: 12.5-3.1
We believe that the bug you reported is fixed in the latest version of
heirloom-mailx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated heirloom-mailx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Dec 2014 06:55:53 +0100
Source: heirloom-mailx
Binary: heirloom-mailx
Architecture: source amd64
Version: 12.5-3.1
Distribution: unstable
Urgency: high
Maintainer: Hilko Bengen <ben...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 heirloom-mailx - feature-rich BSD mail(1)
Closes: 773417
Changes:
 heirloom-mailx (12.5-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Apply patches from Red Hat (Florian Weimer) to address command
     execution issues (Closes: #773417):
     + 0011-outof-Introduce-expandaddr-flag.patch
       Disable command execution in email addresses (CVE-2014-7844)
     + 0012-unpack-Disable-option-processing-for-email-addresses.patch
     + 0013-fio.c-Unconditionally-require-wordexp-support.patch
     + 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch (CVE-2004-2771)
Checksums-Sha1:
c9574b4848753333856f81d67802f295d58c91fd 1791 heirloom-mailx_12.5-3.1.dsc
1cffeed1f2ad9b0253a9f619e2a6f9fb8e3e0aba 9068
heirloom-mailx_12.5-3.1.debian.tar.xz
Checksums-Sha256:
cfd2dda2d7f1d4a9c855393e4a7e4ece73bad6768108a6cb33126d6161292c1f 1791
heirloom-mailx_12.5-3.1.dsc
62b73665c1d2815e483df76be116b00e20e2e60c6dc5178542ef13d1ddfc3c68 9068
heirloom-mailx_12.5-3.1.debian.tar.xz
Files:
61886120ea0d22384dc0536794ffaf54 1791 mail optional heirloom-mailx_12.5-3.1.dsc
bc9591c97242d4a95c26a3bea61df969 9068 mail optional
heirloom-mailx_12.5-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---