not yet promoted. I didn't see any reasons for promotion. Please reopen
if we should demote this package. Now promoted to get the cluster stuff
building in main.
2010-12-13 23:42:05 INFO Override Component to: 'main'
2010-12-13 23:42:14 INFO 'libesmtp - 1.0.6-1/universe/libs' source overridd
o libesmtp: libesmtp-dev libesmtp5
[Reverse-Depends: pacemaker]
[Reverse-Build-Depends: pacemaker]
Promoted.
** Changed in: libesmtp (Ubuntu)
Status: In Progress => Fix Released
--
[MIR] libesmtp
https://bugs.launchpad.net/bugs/515996
You received this bug notification because you
Now that this is fixed, I'm fine with the original MIR approval.
Thanks! +1
** Changed in: libesmtp (Ubuntu)
Status: New => In Progress
--
** Summary changed:
- MIR fallout: libesmtp does not check NULL bytes in commonNames of
certificates (variant of CVE-2009-2408)
+ [MIR] libesmtp
** Description changed:
1. Availability: amd64, armel, i386, ia64, powerpc, sparc
2. Rationale: The package helps meet
- https://blueprints.edg
** Bug watch added: Debian Bug tracker #572960
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572960
** Also affects: libesmtp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572960
Importance: Unknown
Status: Unknown
--
libesmtp does not check NULL bytes in commo
I wouldn't want to see this in main until a full test suite can be built
to check for the CN failures (see lp:qa-regression-testing) as has been
done for fetchmail, e.g.
--
Related to this are failures with CN-specificity:
https://bugzilla.redhat.com/show_bug.cgi?id=510202
Though it may be a non-issue if TLS doesn't function at all:
http://bugs.gentoo.org/213066
** Bug watch added: Red Hat Bugzilla #510202
https://bugzilla.redhat.com/show_bug.cgi?id=510202
--
I need to revoke this approval -- libesmtp is vulnerable to a variation
of CVE-2009-2408, in that it does not correctly handle NULL-bytes in the
commonName of certificates when comparing domain names. (See smtp-tls.c)
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2408
**
approved
** Changed in: libesmtp (Ubuntu)
Status: New => Fix Committed
--