Bug#547785: marked as done (yTNEF/Evolution TNEF Attachment Decoder Plugin Multiple Vulnerabilities)

Mon, 28 Sep 2009 10:59:50 -0700 

Your message dated Mon, 28 Sep 2009 17:32:31 +0000
with message-id <e1msk5p-0001hv...@ries.debian.org>
and subject line Bug#547785: fixed in ytnef 2.6-2
has caused the Debian Bug report #547785,
regarding yTNEF/Evolution TNEF Attachment Decoder Plugin Multiple 
Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
547785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ytnef
Version: 2.6

Multiple buffer overflow and directory traversal vulnerabilities:

http://www.akitasecurity.nl/advisory.php?id=AK20090601
http://www.securiteam.com/unixfocus/5ZP012ASAQ.html
http://www.vupen.com/english/advisories/2009/2562

Looks like there's no upstream fix available and the sf.net project
looks dead last release in 2004 :-(

Regards

Ralf
-- 
Ralf Becker
Director Software Development

Stylite GmbH
[open style of IT]

Morschheimer Strasse 15
67292 Kirchheimbolanden

fon  +49 (0) 6352 70629-0
fax  +49 (0) 6352 70629-30
mailto: r...@stylite.de

www.stylite.de
www.egroupware.org
________________________________________________

Geschäftsführer Andre Keller,
        Gudrun Müller, Ralf Becker
Registergericht Kaiserslautern HRB 30575
Umsatzsteuer-Id / VAT-Id: DE214280951

--- End Message ---
--- Begin Message --- 
Source: ytnef
Source-Version: 2.6-2

We believe that the bug you reported is fixed in the latest version of
ytnef, which is due to be installed in the Debian FTP archive:

ytnef_2.6-2.diff.gz
  to pool/main/y/ytnef/ytnef_2.6-2.diff.gz
ytnef_2.6-2.dsc
  to pool/main/y/ytnef/ytnef_2.6-2.dsc
ytnef_2.6-2_amd64.deb
  to pool/main/y/ytnef/ytnef_2.6-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joshua Kwan <jo...@triplehelix.org> (supplier of updated ytnef package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Sep 2009 10:05:04 -0700
Source: ytnef
Binary: ytnef
Architecture: source amd64
Version: 2.6-2
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Joshua Kwan <jo...@triplehelix.org>
Description: 
 ytnef      - improved decoder for application/ms-tnef attachments
Closes: 547785
Changes: 
 ytnef (2.6-2) unstable; urgency=low
 .
   * Orphaning this package. I have no time to maintain a package with
     no upstream (see below.)
   * Fix multiple security vulnerabilities, I hope. Upstream is dead
     on this package so it's really up to us. closes: #547785
   * Bump Standards-Version to 3.8.0 and debhelper compat level to 7.
   * Fix all kinds of lintian errors (the low hanging fruit):
     - drop Recommends on libmime-perl (replaced by Depends: perl)
     - fix FSF address
     - fix some debian/rules nits
     - add a README.source
     - replace dh_clean -k with dh_prep
Checksums-Sha1: 
 ce13db2415f9ea7ae9cc3433a84829f91c0c5aa3 1645 ytnef_2.6-2.dsc
 248c7eb822d839c98692b0a45d8524b66c9fbf02 4257 ytnef_2.6-2.diff.gz
 ece9d912bd4146aeee2c7ef19590b58b4a2519b2 16200 ytnef_2.6-2_amd64.deb
Checksums-Sha256: 
 9ec9b230c420a0297ca6de54d3937da3e5f91e9b5376e79051f58779be9c1e8f 1645 
ytnef_2.6-2.dsc
 a8519d4732cdc85ae5111878fea135818c683f04c2129bed36ad13086c080e4a 4257 
ytnef_2.6-2.diff.gz
 5702b78ac51a4cb6c9ecaff2d49e8d31152c6f56dce1cdd071886561a9cd9408 16200 
ytnef_2.6-2_amd64.deb
Files: 
 a4dac41e1db0b23d3241c61de148a45a 1645 utils extra ytnef_2.6-2.dsc
 86772219a8e773e3082f4760377d1090 4257 utils extra ytnef_2.6-2.diff.gz
 55790e79a10349b96215461f2c84718d 16200 utils extra ytnef_2.6-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: http://triplehelix.org/~joshk/pubkey_gpg.asc

iQIcBAEBAgAGBQJKwPENAAoJEKOILr94RG8mETwP/A4ZQ2LvxupQ0aRQST/vN3Ik
/TClQmFdgH2xgzS1AV3jFJjwWuksztZWSLiuPT3XB1DpV1/sbA4WJ5RMOVrwGAb6
QE54dukryYdaGMT22fIVEiGqkr76+kMWcCqKCvAuemnVyasJBIYCm8oiJ7EQxZOl
Qh4TgspuZDImQyNNRDkTLQAbiJDs/IK8rhvUw7ZdJkqfayt0e0ztdOW4tRlHPGJ/
DqbQwWpENkz+bvCE1inKVRgWtYP9cYNjC9VOLkuDUuT8Umcawq6wcPSwLtea5sST
YQmhoJS5NvAeNa2xTUglGa9U7onBAd2Afi4mZSnlU7L5ehY9DBn39aYDIjYyxiF9
KnnlkS534cMbtrzRXEPj7+ek6GWl2iJWays02ZMAwY15Ea7bfW18scXjLdTcoukP
kA0LYnVc6/0VIiUxEHXfQxj+BPhH77caeDdvqskDesdpirmXmZG0bLxMduKeQbQm
koQe8P+BYG2Cv034q0Sp5LRDAqLPyz5Di3DYUWcc10QcbvxWTEesTpZvtj9P+NHq
nnrmAck+AawZSWFDn3Pmt7L7mRbVvA2X3unsYY0cCefGV7Oa9AcXUUvGa81V/PR8
IhHPgVZ9XCVeQwNCCbWCOzbBjYxb8WRTywm6EneYGnuDmdg3MGTuosgXRSqA7n8M
iydeAHyZidJov0DfzxG8
=44IV
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to