Your message dated Fri, 17 Aug 2018 21:02:08 +0000 with message-id <e1fqlsm-000frf...@fasolo.debian.org> and subject line Bug#904051: fixed in mutt 1.7.2-1+deb9u1 has caused the Debian Bug report #904051, regarding mutt: Tracking bug for security updates to mutt in stretch to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 904051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mutt Version: 1.7.2-1 Severity: grave Tags: security upstream Justification: security update Tracking bug for security updates for mutt in stretch. Details on https://security-tracker.debian.org/tracker/source-package/mutt Patches are already provided by robe...@debian.org for jessie and currently stored in jessie-updates. -- Package-specific info: Mutt 1.10.1 (2018-07-13) Copyright (C) 1996-2016 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 4.17.0-1-amd64 (x86_64) ncurses: ncurses 6.1.20180714 (compiled with 6.1) libidn: 1.33 (compiled with 1.33) hcache backend: tokyocabinet 1.4.48 Compiler: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none OFFLOAD_TARGET_DEFAULT=1 Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 7.3.0-25' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 7.3.0 (Debian 7.3.0-25) Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' '--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu' '--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--with-mailpath=/var/mail' '--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' '--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--enable-sidebar' '--enable-nntp' '--enable-dotlock' '--disable-fmemopen' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' '--with-tokyocabinet' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/mutt-92M5sF/mutt-1.10.1=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -fdebug-prefix-map=/build/mutt-92M5sF/mutt-1.10.1=. -fstack-protector-strong -Wformat -Werror=format-security Compile options: -DOMAIN +DEBUG -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK +USE_POP +USE_IMAP +USE_SMTP -USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO +HAVE_REGCOMP -USE_GNU_REGEX +HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET +HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +HAVE_FUTIMENS +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN -HAVE_LIBIDN2 +HAVE_GETSID +USE_HCACHE +USE_SIDEBAR +USE_COMPRESSED -ISPELL SENDMAIL="/usr/sbin/sendmail" MAILPATH="/var/mail" PKGDATADIR="/usr/share/mutt" SYSCONFDIR="/etc" EXECSHELL="/bin/sh" MIXMASTER="mixmaster" To contact the developers, please mail to <mutt-...@mutt.org>. To report a bug, please contact the Mutt maintainers via gitlab: https://gitlab.com/muttmua/mutt/issues -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8), LANGUAGE=en_IE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mutt depends on: ii libassuan0 2.5.1-2 ii libc6 2.27-5 ii libcom-err2 1.44.3-1 ii libgnutls30 3.5.19-1 ii libgpg-error0 1.32-1 ii libgpgme11 1.11.1-1 ii libgssapi-krb5-2 1.16-2 ii libidn11 1.33-2.2 ii libk5crypto3 1.16-2 ii libkrb5-3 1.16-2 ii libncursesw6 6.1+20180714-1 ii libsasl2-2 2.1.27~101-g0780600+dfsg-3.1 ii libtinfo6 6.1+20180714-1 ii libtokyocabinet9 1.4.48-12 Versions of packages mutt recommends: ii libsasl2-modules 2.1.27~101-g0780600+dfsg-3.1 ii locales 2.27-5 ii mime-support 3.61 Versions of packages mutt suggests: ii aspell 0.60.7~20110707-5 ii ca-certificates 20170717 ii exim4-daemon-light [mail-transport-agent] 4.91-6 ii gnupg 2.2.9-1 ii ispell 3.4.00-6+b1 pn mixmaster <none> ii openssl 1.1.0h-4 pn urlview <none> Versions of packages mutt is related to: ii mutt 1.10.1-1 -- no debconf information
--- End Message ---
--- Begin Message ---Source: mutt Source-Version: 1.7.2-1+deb9u1 We believe that the bug you reported is fixed in the latest version of mutt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonio Radici <anto...@debian.org> (supplier of updated mutt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 07 Aug 2018 09:48:44 +0100 Source: mutt Binary: mutt Architecture: source Version: 1.7.2-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Mutt maintainers <pkg-mutt-maintain...@lists.alioth.debian.org> Changed-By: Antonio Radici <anto...@debian.org> Description: mutt - text-based mailreader supporting MIME, GPG, PGP and threading Closes: 904051 Changes: mutt (1.7.2-1+deb9u1) stretch-security; urgency=high . * Initial changelog entries for security update (Closes: 904051) * Patches provided by Roberto C. Sánchez <robe...@debian.org> + Fix arbitrary command execution by remote IMAP servers via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription (CVE-2018-14354) + Fix arbitrary command execution by remote IMAP servers via backquote characters, related to the mailboxes command associated with an automatic subscription (CVE-2018-14357) + Fix a stack-based buffer overflow caused by imap_quote_string() not leaving room for quote characters (CVE-2018-14352) + Fix an integer underflow in imap_quote_string() (CVE-2018-14353) + Fix mishandling of zero-length UID in pop.c (CVE-2018-14356) + Fix unsafe interaction between message-cache pathnames and certain characters in pop.c (CVE-2018-14362) + Fix mishandling of ".." directory traversal in IMAP mailbox name (CVE-2018-14355) + Fix a stack-based buffer overflow for an IMAP FETCH response with a long INTERNALDATE field (CVE-2018-14350) + Fix a stack-based buffer overflow for an IMAP FETCH response with a long RFC822.SIZE field (CVE-2018-14358) + Fix mishandling of an IMAP NO response without a message (CVE-2018-14349) + Fix mishandling of long IMAP status mailbox literal count size (CVE-2018-14351) + Fix a buffer overflow via base64 data (CVE-2018-14359) + Fix a stack-based buffer overflow because of incorrect sscanf usage (CVE-2018-14360) + Fix a defect where processing continues if memory allocation fails for NNTP messages (CVE-2018-14361) * Fix unsafe interaction between message-cache pathnames and certain characters in newsrc.c (CVE-2018-14363) Checksums-Sha1: ee6cbca7086be8f154a12c8dd1c7691af3fb8d3a 2261 mutt_1.7.2-1+deb9u1.dsc 39be2b552b99ed16f263487017c68cdbc1c7b384 4025880 mutt_1.7.2.orig.tar.gz f9016623034e6c882c989fa155e9ad1f6180053a 942128 mutt_1.7.2-1+deb9u1.debian.tar.xz 46d6d2d1705ffcddd4dcf707b39f355f760949a9 8197 mutt_1.7.2-1+deb9u1_amd64.buildinfo Checksums-Sha256: 444b1ae5aa891a062cf384eba463b5b3890f165001bf48a660323d6994fad6c6 2261 mutt_1.7.2-1+deb9u1.dsc 1553501687cd22d5b8aaee4dc5a7d9dcf6cc61d7956f6aabaadd252d10cd5ff9 4025880 mutt_1.7.2.orig.tar.gz 2cdb980933fc6c17869af79ae2f574193b1bf3883e8dd514ddc552430590ded6 942128 mutt_1.7.2-1+deb9u1.debian.tar.xz 840f8e44945e240b1bfc4b2dd24084fa84c1d41a0833007715a821ef700742aa 8197 mutt_1.7.2-1+deb9u1_amd64.buildinfo Files: 6d8db98e29b0fa03b1771fbbc513036a 2261 mail optional mutt_1.7.2-1+deb9u1.dsc 15425c4c9946d58c22ccb44901544e6d 4025880 mail optional mutt_1.7.2.orig.tar.gz 01f386aeba296788821facd530dfa6de 942128 mail optional mutt_1.7.2-1+deb9u1.debian.tar.xz 4ed1cded4d079c153ae39af449715077 8197 mail optional mutt_1.7.2-1+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEQObYrBkA1SRrfOa1NcjIiHLLHu0FAltv620THGFudG9uaW9A ZGViaWFuLm9yZwAKCRA1yMiIcsse7dPhD/91EfWhueQ046CcvhGx5G4O1VvlbxkQ PW1hctvsEcctbDgTWmrHWuuPUzt6KbNBNTHuBJOApSJu5ZUFSTwtomRkw9YYuu/T /jGLeciqBFVFZEzgK65nbhaCXQtTEde2rS2CGFpBxOSyDlNLBb7Tc2aVbzX1T9OJ EBsF9N9/5kTJPlqS27zXM33KQ8iYAlbdMAE3qWpITYk2zdzzPT3evlRxjxQ/u8Tj DLjsElWpAFo5H3dlx5gyjqstJgSURKgJ2wZztHey9ZWVc3zkucnA21Tr5DFy53PS n4B1gq4l8HRDvv+6QGLs9PaJNV+2+AeL+zA2bQlUFhlxjMbJN5hTLEWc3hKoKrsv 4zy4GlNs6ns3HcGCr4q6ouqlQukrVhifo44mgIOIy2+kdmVI0H1vgmOL3I8RBV0T P7AzX2DXDsfgvEU8mICCRblleHrXcgCDUJN4lKq/9j1+//GcGCG4emWG9UucyF28 S5YdG2+O3R6StGISC7i1GiAIB6UWk9oIulesAKk8rST4RvEgPVoiw09UxFzvnAQu +BEEVXpn0NtcLjetH5PmOwsTIBV7jWfA64c/1JTUdT2a7v/QBbQIYlleCOgujrD/ lfTpG8XZ7CxnKjbV1smV9gfRl4Re63i8IVE8Lv1eZuO/aQJmkaQGMMJmGPP9F7QZ VP2nqZzi06KmBA== =YAgc -----END PGP SIGNATURE-----
--- End Message ---
