Your message dated Tue, 20 Feb 2018 23:23:37 +0000
with message-id <e1eohg5-000h0g...@fasolo.debian.org>
and subject line Bug#857546: fixed in profanity 0.5.1-1
has caused the Debian Bug report #857546,
regarding profanity: Server certificates are not verified
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857546
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: profanity
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Profanity is not built against libmesode[1]. Libmesode is a fork of
libstrophe that allows validating the certificate chain. Upstream bug
#280 provides more information[2]. Libmesode doesn't seem to be packaged
yet in Debian.

If Profanity does not verify the XMPP server's certificate using
Debian's store of known CA certificates, users' passwords, text messages
and other sensitive information can be intercepted.

Best regards,
Wolfgang


[1]  https://github.com/boothj5/libmesode

[2]  https://github.com/boothj5/profanity/issues/280



-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-grsec-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: profanity
Source-Version: 0.5.1-1

We believe that the bug you reported is fixed in the latest version of
profanity, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert <deba...@debian.org> (supplier of updated profanity package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Feb 2018 22:56:23 +0000
Source: profanity
Binary: profanity
Architecture: source amd64
Version: 0.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian XMPP Maintainers <pkg-xmpp-de...@lists.alioth.debian.org>
Changed-By: W. Martin Borgert <deba...@debian.org>
Description:
 profanity  - console based XMPP client
Closes: 852261 854735 857546
Changes:
 profanity (0.5.1-1) unstable; urgency=medium
 .
   * New upstream version (Closes: #854735) finally
   * move to Debian XMPP Maintainers and salsa.debian.org
   * Bump standards version
   * Temporarily disabled problematic unittest (Closes: #852261),
     hopefully solved in next upstream release
   * Depend on current libstrophe (Closes: #857546)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
