Your message dated Tue, 31 Oct 2006 00:34:21 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#396099: fixed in ingo1 1.1.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
package: ingo1
tags: security
severity: grave

A vulnerability has been found in ingo:

procmail in Ingo H3 before 1.1.2 Horde module allows remote
authenticated users to execute arbitrary commands via shell
metacharacters in the mailbox destination of a filter rule.

This is fixed in 1.1.2. See
http://secunia.com/advisories/22482
for details.

Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: ingo1
Source-Version: 1.1.2-1

We believe that the bug you reported is fixed in the latest version of
ingo1, which is due to be installed in the Debian FTP archive:

ingo1_1.1.2-1.diff.gz
  to pool/main/i/ingo1/ingo1_1.1.2-1.diff.gz
ingo1_1.1.2-1.dsc
  to pool/main/i/ingo1/ingo1_1.1.2-1.dsc
ingo1_1.1.2-1_all.deb
  to pool/main/i/ingo1/ingo1_1.1.2-1_all.deb
ingo1_1.1.2.orig.tar.gz
  to pool/main/i/ingo1/ingo1_1.1.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <[EMAIL PROTECTED]> (supplier of updated ingo1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.7
Date: Tue, 31 Oct 2006 09:24:02 +0100
Source: ingo1
Binary: ingo1
Architecture: source all
Version: 1.1.2-1
Distribution: unstable
Urgency: high
Maintainer: Horde Maintainers <[EMAIL PROTECTED]>
Changed-By: Lionel Elie Mamane <[EMAIL PROTECTED]>
Description:
ingo1 - email filter component for Horde Framework
Closes: 396099
Changes:
ingo1 (1.1.2-1) unstable; urgency=high
.
* New upstream version:
- Fix remote authenticated user arbitrary command execution
via shell metacharacters in mailbox name (closes: #396099)
This is CVE-2006-5449.
* Bump up Standards-Version
Files:
cc2e3b1faf644d6e13b573ba5eea6f6b 679 web optional ingo1_1.1.2-1.dsc
dc9dbfe52df5b922ec852b1267df5130 1342239 web optional ingo1_1.1.2.orig.tar.gz
c02bc0bb40d27eea843aeff94320275b 5149 web optional ingo1_1.1.2-1.diff.gz
187de2d65c81a44029fc91f460f62845 1394062 web optional ingo1_1.1.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iEYEAREDAAYFAkVHCF0ACgkQscRzFz57S3O2WQCgwN/eOryNeDV58SXADC7BhJ8r
lJoAnAlurUYtj4jphPWp0bEqc/f6c8Tz
=S0PC
-----END PGP SIGNATURE-----
--- End Message ---