Your message dated Thu, 22 Aug 2024 15:47:09 +0000
with message-id <e1sha1l-0014q1...@fasolo.debian.org>
and subject line Bug#1075853: fixed in cyrus-imapd 3.6.1-4+deb12u3
has caused the Debian Bug report #1075853,
regarding Regression in fix for CVE-2024-34055 breaks murder clusters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1075853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075853
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cyrus-murder
Version: 3.6.1-4+deb12u2
Severity: grave
Tags: patch, fixed-upstream
The patch for CVE-2024-34055 breaks the implementation of the mupdate
protocol. This causes "ctl_mboxlist -m" to fail, which is by default
executed on the start of cyrus-imapd in a clustered setup. Therefore,
the current version of the cyrus-murder package is in an unusable state.
Non-clustered setups shouldn't be affected.
The cause and the fix (applied to recent versions only) are discussed
here https://github.com/cyrusimap/cyrus-imapd/issues/4932
The fixes have not (yet?) been backported to the 3.6 branch.
A more simple patch is given here:
https://github.com/cyrusimap/cyrus-imapd/pull/4937#issuecomment-2178372505
I've come to a similar approach as I was unaware of the Github issue
when encountering the problems and can confirm that the two-line-fix
also resolves the issue.
It is very likely that the regression also applies to the Bullseye package.
Regards
Matthias
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.6.1-4+deb12u3
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1075...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated cyrus-imapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jul 2024 12:43:50 +0400
Source: cyrus-imapd
Architecture: source
Version: 3.6.1-4+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian Cyrus Team <team+cy...@tracker.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1075853
Changes:
cyrus-imapd (3.6.1-4+deb12u3) bookworm; urgency=medium
.
* Fix regression introduced in CVE-2024-34055 fix (Closes: #1075853)
Checksums-Sha1:
845118cf0946fdb8e5d3d12c50653a150f7a9485 5464 cyrus-imapd_3.6.1-4+deb12u3.dsc
21b6ae930f58fec892986319d202ece656bc3921 111268
cyrus-imapd_3.6.1-4+deb12u3.debian.tar.xz
Checksums-Sha256:
8b8737b22e179c4f74724698b3862f7b15fec9d1d6e48db0c0c13a848d930a13 5464
cyrus-imapd_3.6.1-4+deb12u3.dsc
2faf55f46839d1164972fb6339423e0ce86e69603ed751bc57580eb2de381d79 111268
cyrus-imapd_3.6.1-4+deb12u3.debian.tar.xz
Files:
aa01460931a73aa9ab3e24266e164448 5464 mail optional
cyrus-imapd_3.6.1-4+deb12u3.dsc
40b376d93d213571707efbf042ccf102 111268 mail optional
cyrus-imapd_3.6.1-4+deb12u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmbBsNkACgkQ9tdMp8mZ
7unGoRAAllfet4PMBAe1h07nWShZPROSe/HcGL56aC+oATBR6NPTa7ggZfhOXNg9
AfXUG5tPAK3uL6DGMQQzhxezck+PijVMwuNpIgflewfmu3VsKj3UTKzCuuAHVwnw
zb3YV5ge72rD+Nju+C9B25GPZYjhxb8kdaM6ABxB48PYbao8XmrqbkbLeFXlh3cx
BQhirBuH1vnH4A3Hxxu+M38CS1fL+QVFU9Pp3MMQrr9iqe8d8z2WSkUSzk/y/AdX
zfggPn95Llryo9A9wpSjCp4MxFQ1av68PeNXrq/pu2v8cIYpT0wZ6HcEZiV6CI27
PPdN/DwKCjsVYtVS60dPMa1l8CC9M/af4r3hIblnJ39kt9TpGaCruijXA9GhYDqS
xrVGO0d9ewu6NhrWMniwhp3LNmGVNqIepHLrK+bF4NPp82kwLEVEUSespihcBB2q
/YqB+gem8tDDlnBs/1IFPqEolYv+RPHghkij3UarvYi9kpcBV2qlLkCOulBuW6Fq
QoQ6oNtZbSpOIEITrQM/dXK2DRdiCaw6dJgLCzFc+OIm9B/+sYFJtpVn87MOmJWv
OE+jHQ1zH3FuevkaOvvfuQslwORbuiCOaEwg+2BgcqXGJ7Aby+rNXJgqBrMjUR2/
AvNKNQcvtAXxUY4Hk0Xpzg3xs0OzHFVCT6fmmGo+VogRlNksYWo=
=Pqta
-----END PGP SIGNATURE-----
pgpTVqqt3PWSv.pgp
Description: PGP signature
--- End Message ---
