Your message dated Tue, 26 Jun 2007 04:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#428157: fixed in mail-notification 4.0.dfsg.1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mail-notification
Tags: security
It's been reported that when you disable SSL at build-time, the user
is not told that connections are unencrypted:
| Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses
| unencrypted connections for accounts configured with SSL/TLS, which
| allows remote attackers to obtain sensitive information by sniffing
| the network.
<http://idssi.enyo.de/tracker/redirect/CVE-2007-3209>
--- End Message ---
--- Begin Message ---
Source: mail-notification
Source-Version: 4.0.dfsg.1-2
We believe that the bug you reported is fixed in the latest version of
mail-notification, which is due to be installed in the Debian FTP archive:
mail-notification-evolution_4.0.dfsg.1-2_amd64.deb
to
pool/main/m/mail-notification/mail-notification-evolution_4.0.dfsg.1-2_amd64.deb
mail-notification_4.0.dfsg.1-2.diff.gz
to pool/main/m/mail-notification/mail-notification_4.0.dfsg.1-2.diff.gz
mail-notification_4.0.dfsg.1-2.dsc
to pool/main/m/mail-notification/mail-notification_4.0.dfsg.1-2.dsc
mail-notification_4.0.dfsg.1-2_amd64.deb
to pool/main/m/mail-notification/mail-notification_4.0.dfsg.1-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pascal Giard <[EMAIL PROTECTED]> (supplier of updated mail-notification package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 26 Jun 2007 00:18:05 -0400
Source: mail-notification
Binary: mail-notification mail-notification-evolution
Architecture: source amd64
Version: 4.0.dfsg.1-2
Distribution: unstable
Urgency: low
Maintainer: Pascal Giard <[EMAIL PROTECTED]>
Changed-By: Pascal Giard <[EMAIL PROTECTED]>
Description:
mail-notification - mail notification in system tray
mail-notification-evolution - evolution support for mail notification
Closes: 427888 428157 429200
Changes:
mail-notification (4.0.dfsg.1-2) unstable; urgency=low
.
* [debian/control]:
- Added missing dependency on notification-daemon (closes: #427888).
* [debian/patches/06-mail-notif-ssl.diff]:
- Added patch preventing mail-notification from sending passwords in
cleartext when SSL
is unavailable (closes: #428157, #429200). Thanks to Ted Percival
<[EMAIL PROTECTED]>.
Files:
cdc6ad22644d28244f2a6dcb42e547a9 961 gnome optional
mail-notification_4.0.dfsg.1-2.dsc
6f1ede6fca743c0668f2f245f468ef9d 13538 gnome optional
mail-notification_4.0.dfsg.1-2.diff.gz
282beb8101c5936b029cb6467c357319 372586 gnome optional
mail-notification_4.0.dfsg.1-2_amd64.deb
8ecfc11063899aabe19f96fe94c0300d 30088 gnome optional
mail-notification-evolution_4.0.dfsg.1-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGgJZv1Lfd97FsypURAshEAKC6DGwsGuE4D45m07AkvIjnFCqS5ACfXxqm
+vLTvY++RQGHuvHu2Xhn+to=
=KoXw
-----END PGP SIGNATURE-----
--- End Message ---
