Your message dated Wed, 25 Sep 2019 15:43:30 +0000
with message-id <[email protected]>
and subject line Bug#939702: fixed in imapfilter 1:2.6.13-1
has caused the Debian Bug report #939702,
regarding imapfilter: CVE-2016-10937: does not validate hostname
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
939702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939702
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: imapfilter
Version: 1:2.6.12-1
Severity: grave
Tags: security upstream
Justification: user security hole
Dear maintainer,
imapfilter does not validate the hostname while validating the
certificate, as explained in the upstream issue:
https://github.com/lefcha/imapfilter/issues/142
-- System Information:
Debian Release: 10.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'testing'), (80,
'stable'), (70, 'testing'), (60, 'unstable'), (50, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages imapfilter depends on:
ii libc6 2.28-10
ii liblua5.2-0 5.2.4-1.1+b2
ii libpcre3 2:8.39-12
ii libssl1.1 1.1.1c-1
imapfilter recommends no packages.
imapfilter suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: imapfilter
Source-Version: 1:2.6.13-1
We believe that the bug you reported is fixed in the latest version of
imapfilter, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sylvestre Ledru <[email protected]> (supplier of updated imapfilter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Sep 2019 16:10:51 +0200
Source: imapfilter
Architecture: source
Version: 1:2.6.13-1
Distribution: unstable
Urgency: medium
Maintainer: Francesco Paolo Lovergine <[email protected]>
Changed-By: Sylvestre Ledru <[email protected]>
Closes: 939702
Changes:
imapfilter (1:2.6.13-1) unstable; urgency=medium
.
* New upstream release
- Validates the hostname (Closes: #939702)
Checksums-Sha1:
286821cde8cf2d080be8296bdf5b6a8f2f2f593f 1948 imapfilter_2.6.13-1.dsc
94fed16e7902d3eb8d58194e964a7b5742f9e11d 59467 imapfilter_2.6.13.orig.tar.gz
d24defbbbd71ea5943f675d38f8148a6f68f6e63 5384 imapfilter_2.6.13-1.debian.tar.xz
34ee504c315e4b418387058ea77394463c631f56 6017
imapfilter_2.6.13-1_amd64.buildinfo
Checksums-Sha256:
1b0885268245947ca5bc85a32c293cd02f634bfd073259d0393f6808dc08bb8c 1948
imapfilter_2.6.13-1.dsc
8ad94b94ddd47bd051ec875a3ba347bf3427f98ca4b63d60f38ea3a704c8afb2 59467
imapfilter_2.6.13.orig.tar.gz
1287875fb904d964b452e8a3a9e7a06e09f750b043a2738a3325975e0bcc65d6 5384
imapfilter_2.6.13-1.debian.tar.xz
ac6c4184cf643778c89d0b77c7db01aaebc6f3801bc02abda832bc3a83fb8b75 6017
imapfilter_2.6.13-1_amd64.buildinfo
Files:
a29bff9ac31efef4bc1b3271723d3d12 1948 mail optional imapfilter_2.6.13-1.dsc
6398609530556a4e52a0bae0d438a833 59467 mail optional
imapfilter_2.6.13.orig.tar.gz
2ab3fcc00aa5b27891f3f0a8f5e6a8ac 5384 mail optional
imapfilter_2.6.13-1.debian.tar.xz
197c142788bb2ade2aca9c5f499ffe72 6017 mail optional
imapfilter_2.6.13-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtg21mU05vsTRqVzPfmUo2nUvG+EFAl2LfdkACgkQfmUo2nUv
G+Gf0w/7BkKkPx0EfnsBaORm2qGCabznOCWZNQJZkpdhXnLGy1pHjt3OoDw9aEBM
AfYAm9jRL8KQ/BqnkbsV1kPohO84GIXMVdHw/DxxnO6/KMMiutF3hGRk8guarkr1
r3LSxVuzWc+ycfFxfWehNxu/EV4umTtL2Qq+ve4Q4tj4LG+ipXgxxyn6SokmiPoa
WFLB2bwywVaQI3lv5Xv5NqV17YMZC2waVogeUOY2AjwTl0GeDKPUUEN+PajDFNvB
Ew1tQik59AwcG1KwDioR9+0sIxpO7p7Rsr1NHCXCp1UzTC9ikFHVWyLcwD4mMqtf
uUdN41GUBMvVrN7HDszbWCzYmozWX0uOq29JFF2qLzpcl7EfORvyYI9AuPZkhSaO
8fXqka0aR10CqihR92N9Fl9TK69Wqbdrtac8JdmLPgIA8BhCSpx464BV8MuhuEOr
Da+hS8yYkkhtCCKGnGhDLlhkndMHN7SUgNZSPDOUkQJAI5Al/j7q5v/R51K8+SSZ
WLW+5mSQdTlOyKHdoM22IS8bB4qwXd9qAUcGxpOBMhm/pZxGfI22n4BWNmQ3DxUD
SDLjYfVxMAvB/JBHWBo2cQq2qU/xHP7hoYVS/C4kzhNetkTnECQX9vcBbbI0ZGjZ
d/Yfz5qi4r9ACVJZ5jpEANhGTJwAinWY2oDzyWG8ZPjPNFDbM9Y=
=28UH
-----END PGP SIGNATURE-----
--- End Message ---
