Your message dated Fri, 11 Jun 2021 09:47:10 +0000 with message-id <e1lrdks-000bkq...@fasolo.debian.org> and subject line Bug#989564: fixed in isync 1.3.0-2.2~deb10u1 has caused the Debian Bug report #989564, regarding isync: CVE-2021-3578 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: isync Version: 1.3.0-2.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.3.0-2 Hi, The following vulnerability was published for isync. CVE-2021-3578[0]: | possible remote code execution in isync/mbsync If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3578 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3578 [1] https://www.openwall.com/lists/oss-security/2021/06/07/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: isync Source-Version: 1.3.0-2.2~deb10u1 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of isync, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 989...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated isync package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Jun 2021 21:21:48 +0200 Source: isync Architecture: source Version: 1.3.0-2.2~deb10u1 Distribution: buster Urgency: medium Maintainer: Nicolas Boullis <nboul...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 983351 989564 Changes: isync (1.3.0-2.2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster . isync (1.3.0-2.2) unstable; urgency=medium . * Non-maintainer upload. * fix handling of unexpected APPENDUID response code (CVE-2021-3578) (Closes: #989564) . isync (1.3.0-2.1) unstable; urgency=medium . * Non-maintainer upload. . [ Ondřej Nový ] * d/watch: Use https protocol . [ Salvatore Bonaccorso ] * reject funny mailbox names from IMAP LIST/LSUB (CVE-2021-20247) (Closes: #983351) Checksums-Sha1: 1bea5cc21869cdf88d0015a98f8bebb5120805e0 2081 isync_1.3.0-2.2~deb10u1.dsc 07f6d7cfc39ed2678791f625de70cdeff3d3bfba 309459 isync_1.3.0.orig.tar.gz ecda4c1d0b16e16eb0a677b6bc5fdf4139eee1fb 9872 isync_1.3.0-2.2~deb10u1.debian.tar.xz Checksums-Sha256: 7ebb1b101d2e9769e923d725f3c1f3ec1034561a3280e5a3c3e8337dda566e79 2081 isync_1.3.0-2.2~deb10u1.dsc 8d5f583976e3119705bdba27fa4fc962e807ff5996f24f354957178ffa697c9c 309459 isync_1.3.0.orig.tar.gz b5f44a04c4b811e760b995d4a3b8f3b96d5ece5b5b6495593ee7b8887a09958c 9872 isync_1.3.0-2.2~deb10u1.debian.tar.xz Files: 53f1da0dac90b61967b56859dc12aa94 2081 mail optional isync_1.3.0-2.2~deb10u1.dsc f64e8723ebbb081bc15510586bfa1f8f 309459 mail optional isync_1.3.0.orig.tar.gz f5c96276531ebab6e278a1da29f5eead 9872 mail optional isync_1.3.0-2.2~deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmDBFnZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EneEP/RwbL846m91RAXSPvjHktbJLhfj4LNPA F4l+e7IyoydvcyErYXK+QC/A6wu/GX4VA+lYWonZKnxOc0DDSTdGdt4FKAVVLn90 uvk1K48a1ibaJRwGNdDFrA4QvGPhvS6ZdDj0gCHrSXL/DsjZ7zaemix/gqPpgRoL xTRAva+bW4YmQlyzt3TTZNKV96v0g83RAc+5XGiPCfiEpw+oAbtib5KVp4awTpbk K4eSZMqgnvC5tB9WmIo/o5Tg2XP2lgO3sc2ZMd2z4YXcBACA70pLDu/M67kaB5ab qu9vvCWMac35tRKnhz2yPweuDqAxjslV9ZLE0gdu/XASdr8cPYdIJuYA2Pdlg5B8 AlIGg3kCsVwsb3W/gA8MzENB6JJ9heXbUBCD0EbDLDkY4Kvnz/e+96OSomt834Mg N3fGMoueOgQfd4UQIiRB6eOd/ywxe9YUqHc+j2luLQJ6MoK5aAXsnM5nCSV/hFjS 4ZdwOpg6GNKTZfBOFf6QrU7KAMoW2czySeVegwG7YVji4091LsF3jQB61mQh/bNY ztJpereDEtH7ApmYfDBEnjM0J0T8cnDTgEwibtUAadZxa2jO4y7RZPHUGzzi9cpG 0Stu1yk+xMBcQPVU7xGRmdrCJuKNDuBO9JHS3ONMlxmFa4PDZ9J6/D7m5DHL0Sli UhqIbUuazEfS =igbz -----END PGP SIGNATURE-----
--- End Message ---
