Your message dated Mon, 23 Jan 2006 15:17:12 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#344169: fixed in pgp4pine 1.76-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Dec 2005 15:54:03 +0000
>From [EMAIL PROTECTED] Tue Dec 20 07:54:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from pne-smtpout1-sn2.hy.skanova.net ([81.228.8.83])
by spohr.debian.org with esmtp (Exim 4.50)
id 1EojoR-0003QG-I9
for [EMAIL PROTECTED]; Tue, 20 Dec 2005 07:54:03 -0800
Received: from portti (80.223.210.13) by pne-smtpout1-sn2.hy.skanova.net
(7.2.069.1)
id 43A80CAE0000B35E for [EMAIL PROTECTED]; Tue, 20 Dec 2005 16:53:32
+0100
Received: from vre by portti with local (Exim 3.35 #1 (Debian))
id 1Eojo2-0001wI-00
for <[EMAIL PROTECTED]>; Tue, 20 Dec 2005 17:53:38 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ville Reijonen <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: pgp4pine: after 3 wrong passwords sends email plaintext instead of
aborting
X-Mailer: reportbug 3.8
Date: Tue, 20 Dec 2005 17:53:38 +0200
Message-Id: <[EMAIL PROTECTED]>
Sender: Ville Reijonen <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: pgp4pine
Version: 1.76-1
Severity: grave
Justification: user security hole
Pine accesses pgp4pine as a filter when selected for sending:
"Send message (filtered thru "pgp4pine" as "<[EMAIL PROTECTED]>")?" Yes
([EMAIL PROTECTED] substituted in examples)
Next appears pgp4pine appears asking:
- -
You know all recipient keys. You may:
a) Sign and encrypt the message
...etc
- -
selecting "a" appears:
- -
You need a passphrase to unlock the secret key for
user: "First Last <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 6F4E7E16, created 2005-11-01
- -
entering wrong passphrase:
- -
gpg: Invalid passphrase; please try again ...
You need a passphrase to unlock the secret key for
user: "First Last <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 6F4E7E16, created 2005-11-01
- -
this repeats three times, but on third time with wrong password pgp4pine
returns
the message back to pine without an error so pine then sends it as "filtered" -
but in
this case as uncrypted mail to receiver. Error should be reported to pine same
way as
when aborting pgp4pine by pressing ctrl-c.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.12.3-qnet-dvb
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages pgp4pine depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
-- no debconf information
---------------------------------------
Received: (at 344169-close) by bugs.debian.org; 23 Jan 2006 23:20:33 +0000
>From [EMAIL PROTECTED] Mon Jan 23 15:20:33 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1F1Avw-0007xG-VK; Mon, 23 Jan 2006 15:17:12 -0800
From: [EMAIL PROTECTED] (Jaldhar H. Vyas)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#344169: fixed in pgp4pine 1.76-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 23 Jan 2006 15:17:12 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: pgp4pine
Source-Version: 1.76-2
We believe that the bug you reported is fixed in the latest version of
pgp4pine, which is due to be installed in the Debian FTP archive:
pgp4pine_1.76-2.diff.gz
to pool/contrib/p/pgp4pine/pgp4pine_1.76-2.diff.gz
pgp4pine_1.76-2.dsc
to pool/contrib/p/pgp4pine/pgp4pine_1.76-2.dsc
pgp4pine_1.76-2_i386.deb
to pool/contrib/p/pgp4pine/pgp4pine_1.76-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jaldhar H. Vyas <[EMAIL PROTECTED]> (supplier of updated pgp4pine package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 23 Jan 2006 16:42:11 -0500
Source: pgp4pine
Binary: pgp4pine
Architecture: source i386
Version: 1.76-2
Distribution: unstable
Urgency: high
Maintainer: Jaldhar H. Vyas <[EMAIL PROTECTED]>
Changed-By: Jaldhar H. Vyas <[EMAIL PROTECTED]>
Description:
pgp4pine - A PGP/GPG Wrapper for Pine
Closes: 344169
Changes:
pgp4pine (1.76-2) unstable; urgency=high
.
* When the user gets their passpahase wrong, abort so pine doesn't go
ahead and send the message unsigned anyway. (Closes: #344169)
* Fixed some encoding issues in the man page
* moved to debhelper compatability level 4
* moved to standards-version 3.6.2
Files:
1432e557f0bce8a5f04530326cbe5158 600 contrib/mail optional pgp4pine_1.76-2.dsc
aefd4a895d2f5388d0ff6d3e180f381a 7804 contrib/mail optional
pgp4pine_1.76-2.diff.gz
5ffdb5b0f17f8aeaac79964bd9cf1bf1 40566 contrib/mail optional
pgp4pine_1.76-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD1V2j2kYOR+5txmoRAidjAJ9+4/T4WbzVVIhqE3YYKC4vGjcfQACfch2w
MrhSbLb41pT1Oh01c10TKGE=
=1Y0M
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
