Your message dated Sun, 08 Feb 2009 11:02:07 +0000
with message-id <[email protected]>
and subject line Bug#514044: fixed in atmailopen 1.03+dfsg+svn93-1
has caused the Debian Bug report #514044,
regarding By default atmailopen act as an open imap/pop3 proxy
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
514044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514044
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: atmailopen
Version: 1.03+dfsg+svn91-1
Severity: grave
Tags: security
Justification: user security hole
When atmailopen is enabled on a site by editing /etc/atmailopen/apache.conf
or /etc/atmailopen/lighttpd.conf the software allows anyone with access to
the web server to make a connection from that server to any imap or pop3
host.
This can be prevented by setting allowed_mailservers and/or mailserver in
/usr/share/atmailopen/libs/Atmail/Config.php to localhost. This should be
the default.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (990, 'stable'), (400, 'testing'), (300, 'experimental'), (300, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-rvdb
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages atmailopen depends on:
ii apache2 2.2.9-10+lenny2 Apache HTTP Server metapackage
ii apache2-mpm-prefor 2.2.9-10+lenny2 Apache HTTP Server - traditional n
ii dbconfig-common 1.8.29+etch1 common framework for packaging dat
ii debconf [debconf-2 1.5.11etch2 Debian configuration management sy
ii fckeditor 1:2.6.2-1 rich text format javascript web ed
ii libjs-prototype 1.6.0.2-4 JavaScript Framework for dynamic w
ii mysql-client 5.0.32-7etch8 mysql database client (meta packag
ii mysql-client-5.0 [ 5.0.32-7etch8 mysql database client binaries
ii php-date 1.4.7-1 PHP PEAR module for date and time
ii php-db 1.7.13-2 PHP PEAR Database Abstraction Laye
ii php-mail 1.1.14-1 PHP PEAR module for sending email
ii php-mail-mime 1.5.2-0.1 PHP PEAR module for creating MIME
ii php-net-ldap 1:1.1.1-1 a OO interface for searching and m
ii php-net-smtp 1.3.1-1 PHP PEAR module implementing SMTP
ii php-net-socket 1.0.8-2 PHP PEAR Network Socket Interface
ii php5 5.2.6.dfsg.1-1+lenny2 server-side, HTML-embedded scripti
ii php5-mysql 5.2.6.dfsg.1-1+lenny2 MySQL module for php5
atmailopen recommends no packages.
-- debconf information excluded
--- End Message ---
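Added example, not part of the bug report or of the atmailopen source: a fail-closed host check of the kind the report asks for, where the web front end connects only to configured IMAP/POP3 hosts. Only the setting names allowed_mailservers and mailserver come from the report; the $pref array layout, the comma-separated list format and the select_mail_host helper are assumptions.

```php
<?php
// Added illustration, not atmailopen's code. The two key names come from the
// bug report; the array layout and comma-separated format are assumptions.
$pref = [
    'mailserver'          => 'localhost',            // fixed backend host
    'allowed_mailservers' => 'localhost, 127.0.0.1', // hosts a login may name
];

// Normalise a host for comparison: trim, lower-case, drop trailing dots.
function normalise_host(string $host): string
{
    return rtrim(strtolower(trim($host)), '.');
}

// Hypothetical helper: return the IMAP/POP3 host to connect to for a login
// attempt, or null when the connection must be refused.
function select_mail_host(array $pref, ?string $requested): ?string
{
    $fixed   = normalise_host($pref['mailserver'] ?? '');
    $allowed = array_filter(
        array_map('normalise_host', explode(',', $pref['allowed_mailservers'] ?? '')),
        'strlen'
    );
    if ($fixed !== '') {
        $allowed[] = $fixed;
    }
    // Fail closed: an empty configuration refuses every login rather than
    // connecting to whatever host the client supplied.
    if (count($allowed) === 0) {
        return null;
    }
    // No host in the request: use the fixed server, if one is configured.
    if ($requested === null || trim($requested) === '') {
        return $fixed !== '' ? $fixed : null;
    }
    $host = normalise_host($requested);
    // Reject "host:port", "user@host", whitespace and similar before the
    // allowlist lookup (IPv6 literals are out of scope here).
    if (!preg_match('/^[a-z0-9.-]+\z/', $host)) {
        return null;
    }
    return in_array($host, $allowed, true) ? $host : null;
}

// Constructed sample requests.
foreach ([null, 'LOCALHOST.', '127.0.0.1', 'imap.example.org', 'localhost:143'] as $req) {
    $host = select_mail_host($pref, $req);
    printf("%-18s => %s\n", var_export($req, true), $host ?? 'REFUSED');
}
```

With both settings left empty the helper refuses every request, which is the opposite of the default behaviour the report describes.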
--- Begin Message ---
Source: atmailopen
Source-Version: 1.03+dfsg+svn93-1
We believe that the bug you reported is fixed in the latest version of
atmailopen, which is due to be installed in the Debian FTP archive:
atmailopen_1.03+dfsg+svn93-1.diff.gz
to pool/main/a/atmailopen/atmailopen_1.03+dfsg+svn93-1.diff.gz
atmailopen_1.03+dfsg+svn93-1.dsc
to pool/main/a/atmailopen/atmailopen_1.03+dfsg+svn93-1.dsc
atmailopen_1.03+dfsg+svn93-1_all.deb
to pool/main/a/atmailopen/atmailopen_1.03+dfsg+svn93-1_all.deb
atmailopen_1.03+dfsg+svn93.orig.tar.gz
to pool/main/a/atmailopen/atmailopen_1.03+dfsg+svn93.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated atmailopen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 04 Feb 2009 20:37:00 +0100
Source: atmailopen
Binary: atmailopen
Architecture: source all
Version: 1.03+dfsg+svn93-1
Distribution: unstable
Urgency: low
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
atmailopen - elegant and intuitive ajax webmail client
Closes: 513977 513978 514044 514045
Changes:
atmailopen (1.03+dfsg+svn93-1) unstable; urgency=low
.
* [deae673] Imported Upstream version 1.03+dfsg+svn93
+ Removed "@Mail" references from Config.php
+ Added better support for accented chars in spellchecker
+ Fixed an error with mailbox prefixing
* [11ade2a] javascript/webtoolkit.url.js: Justas Vinevičius has
licensed webtoolkit.url.js under the terms of the GNU General Public
License. Now it can be distributed
* [33f326a] Install Config.php in /etc/atmailopen
* [f7fd0fd] Do not act as an open imap/pop3 proxy by default. Thanks
Richard van den Berg (Closes: #514044)
* [9412148] Do not use directory.washington.edu as default LDAP
server. Thanks Richard van den Berg (Closes: #513977)
* [712ee54] Added $mailserver_auth in debian.php and document it.
(Closes: #513978)
* [897103e] Added tnef in Suggests and in debian.php conf
* [698c31c] Added configuration section in README.Debian and added
comments in conf/debian.php (Closes: #514045)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmOuwIACgkQKFvXofIqeU7ejwCdEWjCGRHd6QVlf+Yh48YyS/Bt
QRUAniugnGMvNKRzARRVxlhTSY9fC5D4
=NdSN
-----END PGP SIGNATURE-----
--- End Message ---