Your message dated Wed, 14 Sep 2005 04:02:05 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#327424: fixed in mailutils 1:0.6.90-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Sep 2005 00:23:39 +0000
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mailutils-imap4d: Remotely exploitable format string vulnerability in SEARCH command
X-Mailer: reportbug 3.17
Date: Sat, 10 Sep 2005 02:24:27 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>

Package: mailutils-imap4d
Severity: grave
Tags: security
Justification: user security hole

A remotely exploitable format string vulnerability has been found in GNU
mailutils' imap4d server. Please see the iDefense advisory at
www.idefense.com/application/poi/display?id=303&type=vulnerabilities
for details, an exploit and a link to a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 327424-close) by bugs.debian.org; 14 Sep 2005 11:08:01 +0000
From: Jordi Mallach <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#327424: fixed in mailutils 1:0.6.90-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 14 Sep 2005 04:02:05 -0700

Source: mailutils
Source-Version: 1:0.6.90-3

We believe that the bug you reported is fixed in the latest version of
mailutils, which is due to be installed in the Debian FTP archive:

libmailutils0-dev_0.6.90-3_i386.deb
  to pool/main/m/mailutils/libmailutils0-dev_0.6.90-3_i386.deb
libmailutils0_0.6.90-3_i386.deb
  to pool/main/m/mailutils/libmailutils0_0.6.90-3_i386.deb
mailutils-comsatd_0.6.90-3_i386.deb
  to pool/main/m/mailutils/mailutils-comsatd_0.6.90-3_i386.deb
mailutils-doc_0.6.90-3_all.deb
  to pool/main/m/mailutils/mailutils-doc_0.6.90-3_all.deb
mailutils-imap4d_0.6.90-3_i386.deb
  to pool/main/m/mailutils/mailutils-imap4d_0.6.90-3_i386.deb
mailutils-mh_0.6.90-3_i386.deb
  to pool/main/m/mailutils/mailutils-mh_0.6.90-3_i386.deb
mailutils-pop3d_0.6.90-3_i386.deb
  to pool/main/m/mailutils/mailutils-pop3d_0.6.90-3_i386.deb
mailutils_0.6.90-3.diff.gz
  to pool/main/m/mailutils/mailutils_0.6.90-3.diff.gz
mailutils_0.6.90-3.dsc
  to pool/main/m/mailutils/mailutils_0.6.90-3.dsc
mailutils_0.6.90-3_i386.deb
  to pool/main/m/mailutils/mailutils_0.6.90-3_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <[EMAIL PROTECTED]> (supplier of updated mailutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 14 Sep 2005 11:33:15 +0200
Source: mailutils
Binary: mailutils-mh mailutils-imap4d mailutils-comsatd mailutils libmailutils0-dev libmailutils0 mailutils-pop3d mailutils-doc
Architecture: source i386 all
Version: 1:0.6.90-3
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <[EMAIL PROTECTED]>
Changed-By: Jordi Mallach <[EMAIL PROTECTED]>
Description:
 libmailutils0 - GNU Mail abstraction library
 libmailutils0-dev - Development files for GNU mailutils
 mailutils  - GNU mailutils utilities for handling mail
 mailutils-comsatd - GNU mailutils-based comsatd daemon
 mailutils-doc - Documentation for GNU mailutils
 mailutils-imap4d - GNU mailutils-based IMAP4 Daemon
 mailutils-mh - GNU mailutils-based MH utilities
 mailutils-pop3d - GNU mailutils-based POP3 Daemon
Closes: 327424
Changes:
 mailutils (1:0.6.90-3) unstable; urgency=HIGH
 .
   * debian/patches/05_imap4d_bad_uid.patch: fix the imap4d testsuite to match
     the new non-existing UID behaviour.
   * [SECURITY: CAN-2005-2878]
     debian/patches/07_CAN-2005-2878_imap4d_search_format_string.patch: patch
     from Sergey Poznyakoff to fix a format string vulnerability in imap4d's
     SEARCH function (closes: #327424).