Your message dated Thu, 28 Nov 2013 22:32:49 +0000
with message-id <[email protected]>
and subject line Bug#728232: fixed in sup-mail 0.11-2+nmu1+deb6u1
has caused the Debian Bug report #728232,
regarding sup-mail: CVE-2013-4478 and CVE-2013-4479
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
728232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728232
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sup-mail
Severity: grave
Tags: security upstream patch fixed-upstream
Hi
A remote command injection in sup-mail was reported, see [0] and [1]
for more details. Upstream also released new versions fixing this
issue, see [3] for the diff between 0.13.2 and 0.13.2.1.
[0] http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
[1] http://seclists.org/fulldisclosure/2013/Oct/272
[2] http://article.gmane.org/gmane.comp.security.oss.general/11389
[3] https://github.com/sup-heliotrope/sup/compare/release-0.13.2...release-0.13.2.1
(A CVE was requested; in case it gets assigned before a fix is
released, please include the CVE in your changelog).
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sup-mail
Source-Version: 0.11-2+nmu1+deb6u1
We believe that the bug you reported is fixed in the latest version of
sup-mail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Per Andersson <[email protected]> (supplier of updated sup-mail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Nov 2013 23:51:54 +0100
Source: sup-mail
Binary: sup-mail
Architecture: source all
Version: 0.11-2+nmu1+deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Decklin Foster <[email protected]>
Changed-By: Per Andersson <[email protected]>
Description:
sup-mail - thread-centric mailer with tagging and fast search
Closes: 728232
Changes:
sup-mail (0.11-2+nmu1+deb6u1) squeeze-security; urgency=high
.
* Non-maintainer upload
* Fix remote code injection when viewing attachments, CVE-2013-4478 and
CVE-2013-4479 (Closes: #728232)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---