Your message dated Sun, 06 Sep 2020 13:18:53 +0000
with message-id <[email protected]>
and subject line Bug#968875: fixed in rss2email 1:3.12.2-1
has caused the Debian Bug report #968875,
regarding rss2email forges envelope sender
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
968875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968875
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rss2email
Version: 1:3.12.1-1
Severity: serious
Tags: upstream
Today I learned that rss2email copies the email addresses from feed
entries into both the From field and the envelope sender of messages.
This is not acceptable behaviour in an email generator. The envelope
sender *must* be sent to an address that the user configures, where
*they* can receive bounce messages.
The current behaviour results in bounces being sent to the authors of
feed entries, which is what just happened to me. It can also result
in messages being dropped if the forgery is detected by MTAs that
check SPF.
Ben.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-1-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages rss2email depends on:
ii python3 3.8.2-3
ii python3-feedparser 5.2.1-2
pn python3-html2text <none>
Versions of packages rss2email recommends:
ii python3-bs4 4.9.1-1
Versions of packages rss2email suggests:
pn esmtp <none>
--
Ben Hutchings
When in doubt, use brute force. - Ken Thompson
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: rss2email
Source-Version: 1:3.12.2-1
Done: gustavo panizzo <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rss2email, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gustavo panizzo <[email protected]> (supplier of updated rss2email package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 06 Sep 2020 12:53:07 +0000
Source: rss2email
Architecture: source
Version: 1:3.12.2-1
Distribution: unstable
Urgency: medium
Maintainer: Python Applications Packaging Team
<[email protected]>
Changed-By: gustavo panizzo <[email protected]>
Closes: 967975 968875
Changes:
rss2email (1:3.12.2-1) unstable; urgency=medium
.
* [b9a616] New upstream version 3.12.2 (Closes: #967975)
* [b8290f] Add upstream patch
Always use the 'from' setting for smtp and sendmail envelope.
(Closes: #968875)
Checksums-Sha1:
f8c431f9f7133608cd84de008052726bf928fd2d 1480 rss2email_3.12.2-1.dsc
6ae220a6b309a52184e81b5bc37cb4c79ec0c172 74096 rss2email_3.12.2.orig.tar.gz
d85d70114337fa729dd476f77f8da36ef836c7bb 10196 rss2email_3.12.2-1.debian.tar.xz
9695b9a02340be7ac8c6e13ddf06ab81f7409deb 5440
rss2email_3.12.2-1_amd64.buildinfo
Checksums-Sha256:
bf6f01140f7d4f08716ccefdc7b85a789f868ccf0cdcaa8225bc6bc4a2b5b210 1480
rss2email_3.12.2-1.dsc
b9a1523e6709eaa701c348090d36c9c010b62d8448f0f4c5e16dfaaa8f19783a 74096
rss2email_3.12.2.orig.tar.gz
06b5b66aa3f30aecec8c934af3f6538d01236a000a050ee45806a3bb546372b0 10196
rss2email_3.12.2-1.debian.tar.xz
8c76db5ab8a37065ccf4e57e912b34b093ee97ed00488d871e9a98ab5f8f33c0 5440
rss2email_3.12.2-1_amd64.buildinfo
Files:
537a31fa6055df7ddbf4f913e896d9d4 1480 mail optional rss2email_3.12.2-1.dsc
9975f0c0f637daaa025d09ae54c33a8c 74096 mail optional
rss2email_3.12.2.orig.tar.gz
4b06eefb5d260eb124bc0591e5d782c8 10196 mail optional
rss2email_3.12.2-1.debian.tar.xz
d3f450b68e318f517bdf71dca3e4b371 5440 mail optional
rss2email_3.12.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIcEARYIAC8WIQTkGI+jpc9SWQ7CddoQSYArGj12RgUCX1TeEBEcZ2ZhQHp1bWJp
LmNvbS5hcgAKCRAQSYArGj12Rp1TAP4hURRlp+p8pfLqsZpAtaNeJZoV0dBSKrIu
hAYQijk8hgD9HjAfUxuQSSDN5QxI1xufM2xUgDDfjVr4tVhM0QDsMAs=
=pAV7
-----END PGP SIGNATURE-----
--- End Message ---
