Your message dated Mon, 29 Jul 2024 15:19:14 +0000
with message-id <[email protected]>
and subject line Bug#1075853: fixed in cyrus-imapd 3.10.0~rc2-1
has caused the Debian Bug report #1075853,
regarding Regression in fix for CVE-2024-34055 breaks murder clusters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1075853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cyrus-murder
Version: 3.6.1-4+deb12u2
Severity: grave
Tags: patch, fixed-upstream
The patch for CVE-2024-34055 breaks the implementation of the mupdate
protocol. This causes "ctl_mboxlist -m" to fail, which is by default
executed on the start of cyrus-imapd in a clustered setup. Therefore,
the current version of the cyrus-murder package is in an unusable state.
Non-clustered setups shouldn't be affected.
The cause and the fix (applied to recent versions only) are discussed
here https://github.com/cyrusimap/cyrus-imapd/issues/4932
The fixes have not (yet?) been backported to the 3.6 branch.
A more simple patch is given here:
https://github.com/cyrusimap/cyrus-imapd/pull/4937#issuecomment-2178372505
I've come to a similar approach as I was unaware of the Github issue
when encountering the problems and can confirm that the two-line-fix
also resolves the issue.
It is very likely that the regression also applies to the Bullseye package.
Regards
Matthias
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.10.0~rc2-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated cyrus-imapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jul 2024 12:48:47 +0400
Source: cyrus-imapd
Architecture: source
Version: 3.10.0~rc2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1075853
Changes:
cyrus-imapd (3.10.0~rc2-1) experimental; urgency=medium
.
* Import unstable changes
* Unfuzz patches
* New upstream release (Closes: #1075853, CVE-2024-34055)
Checksums-Sha1:
1d96abfcb1e27d981ca5d27c88ca0fad7951370b 5212 cyrus-imapd_3.10.0~rc2-1.dsc
09526ff3e8f4c32a20e5e235907adeb4240e6cfd 6405476
cyrus-imapd_3.10.0~rc2.orig.tar.xz
1712d245675dd4777105e24555e3108fb4324916 86852
cyrus-imapd_3.10.0~rc2-1.debian.tar.xz
Checksums-Sha256:
2e88352bd60d702189ae867027897d9c9401fe2e132b9240c5e56f8c1a55f580 5212
cyrus-imapd_3.10.0~rc2-1.dsc
51942b97fe04020dbefbf56fbe0d51a424ff96203dd1c3778c5a62036192a457 6405476
cyrus-imapd_3.10.0~rc2.orig.tar.xz
aa00909e1c466df8f6c63936705b05d0c8dbcfcfd52181830003ec5a68c1742f 86852
cyrus-imapd_3.10.0~rc2-1.debian.tar.xz
Files:
e1c5f2ffa3be221ad2116c50ef199d9d 5212 mail optional
cyrus-imapd_3.10.0~rc2-1.dsc
684f1acccc2bbcee6078d784066d808b 6405476 mail optional
cyrus-imapd_3.10.0~rc2.orig.tar.xz
df37ad8ec2ede4de9ef771506af5d8ee 86852 mail optional
cyrus-imapd_3.10.0~rc2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmannQIACgkQ9tdMp8mZ
7ukTZA//RJMq7j3qjsdNMOAazcTqWhFqQAyoElHcbL/R8HaCiFbtyJP1cBgryHaS
rfHZ0dQrsicCdqI+8XL44l2cChQAEdAukbR0Tt3eisT/+q3kMn97IXk6loGGkvtN
Ut1stpe89iUMX2mMruD9Bey5WuR5ZTS6EpflgY8xCsAC5oWIjAUPgqhtyKgdQ1nl
6hOEy8xDmjdiO2b7KRr543lF0Dlu9DNy2GPLTd2vrFfAZQOdCorbiCuzjk6IH5FX
2896uZIAHz37YUurXVRPg5QdMmdSngrX5/jpVbTf4QL0Y7gxX+S1V5JkwdtOAXn0
QUXpCgWo5VlLHkssrG7hcVNLeBc9b8U8j9vG1nbify/x9h+PPradU+QkAC0+ZUhF
Qn++OLKVYhzIerCte3/jZYtTbJsbMbKHF/SjssOkfZaSLVSAWdmunlsPmrw7yx6u
QSYtrS+9fWSScRS4xXVi9n4IdapOCtPfvN+HqxcKY+Z3HseqCUPaZfkWRa2xc//b
+94CeCVOkSW4jvQ2P2+2pUhZWYBMx1h0GWmXxQrMJ/gQhVGhW/+0KypHTeVZOhvX
g0LYychUwUBxbhef7UlM0CyZXOvQMT/jyF/wmF5yB6Ulbh4sp7Mkiokt/ZiTPFnH
fU5VXXsIrq4SxgtqNgHbsCRRB98ulCEITnVINyid6ROYtTeuX8U=
=Zn28
-----END PGP SIGNATURE-----
pgplZYgjHWlf5.pgp
Description: PGP signature
--- End Message ---
