Your message dated Sat, 15 Sep 2007 00:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#441854: fixed in sylpheed-claws 1.0.5-5.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: sylpheed-claws
Version: 1.0.5-5.1
Severity: normal
Tags: security
Hi,
a CVE had been issued against this package:
CVE-2007-2958[0]:
Format string vulnerability in the inc_put_error function in src/inc.c in
Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows
remote POP3 servers to execute arbitrary code via format string specifiers in
crafted replies.
If you fix this issue include the CVE id into the changelog.
The sylpheed package is not affected for unstable and testing. (2.4.5 fixes it).
A patch can be found on:
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153
Since the attacker will need to modify a pop3 server which then is used by
the victim this issue is not really critical.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958
Cheers
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp5nHnvjm5vm.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: sylpheed-claws
Source-Version: 1.0.5-5.2
We believe that the bug you reported is fixed in the latest version of
sylpheed-claws, which is due to be installed in the Debian FTP archive:
libsylpheed-claws-dev_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.5-5.2_i386.deb
sylpheed-claws-clamav_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.5-5.2_i386.deb
sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
sylpheed-claws-i18n_1.0.5-5.2_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-i18n_1.0.5-5.2_all.deb
sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb
sylpheed-claws-plugins_1.0.5-5.2_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-plugins_1.0.5-5.2_all.deb
sylpheed-claws-scripts_1.0.5-5.2_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-scripts_1.0.5-5.2_all.deb
sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
sylpheed-claws_1.0.5-5.2.diff.gz
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2.diff.gz
sylpheed-claws_1.0.5-5.2.dsc
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2.dsc
sylpheed-claws_1.0.5-5.2_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated sylpheed-claws package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 15 Sep 2007 01:51:29 +0200
Source: sylpheed-claws
Binary: sylpheed-claws sylpheed-claws-trayicon sylpheed-claws-pgpmime
sylpheed-claws-scripts libsylpheed-claws-dev sylpheed-claws-clamav
sylpheed-claws-dillo-viewer sylpheed-claws-plugins sylpheed-claws-i18n
sylpheed-claws-spamassassin sylpheed-claws-image-viewer
Architecture: source i386 all
Version: 1.0.5-5.2
Distribution: unstable
Urgency: high
Maintainer: Ricardo Mones <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libsylpheed-claws-dev - Development files to build plugins for Sylpheed-Claws
sylpheed-claws - Extended version of the Sylpheed mail client
sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
sylpheed-claws-dillo-viewer - HTML viewer plugin for Sylpheed Claws using Dillo
sylpheed-claws-i18n - Locale data for Sylpheed Claws (i18n support)
sylpheed-claws-image-viewer - Image viewer plugin for Sylpheed Claws
sylpheed-claws-pgpmime - PGP/MIME plugin for Sylpheed Claws
sylpheed-claws-plugins - Various plugins for the Sylpheed Claws mail client
sylpheed-claws-scripts - Helper scripts for Sylpheed and Sylpheed Claws
sylpheed-claws-spamassassin - SpamAssassin plugin for Sylpheed Claws
sylpheed-claws-trayicon - Notification area plugin for Sylpheed Claws
Closes: 441854
Changes:
sylpheed-claws (1.0.5-5.2) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Fix format string vulnerability in inc_put_error
function (CVE-2007-2958) (Closes: #441854).
Files:
7e56badd63012314c8fe35ed46c77f88 1256 mail optional
sylpheed-claws_1.0.5-5.2.dsc
0c1db972c634a2abaa6c9df11766de1d 94988 mail optional
sylpheed-claws_1.0.5-5.2.diff.gz
07b843e9c9816f436d33813b5cfb9a83 108808 mail optional
sylpheed-claws-plugins_1.0.5-5.2_all.deb
25d7364f72e0d167943a16ee9941b865 168566 mail optional
sylpheed-claws-scripts_1.0.5-5.2_all.deb
ba078f6bc2396a0bc454db21ac69e6dc 1191334 mail optional
sylpheed-claws-i18n_1.0.5-5.2_all.deb
9f25390fafc3b2d1429a632044bc0c3b 937058 mail optional
sylpheed-claws_1.0.5-5.2_i386.deb
11b891a1c5806142afde46681dc5dde4 198456 devel optional
libsylpheed-claws-dev_1.0.5-5.2_i386.deb
9ed1c5f7f5ef92e4591675052d27079c 118146 mail optional
sylpheed-claws-clamav_1.0.5-5.2_i386.deb
b74aa04f4f8ba16a374d1cf53c733b35 115118 mail optional
sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
b21edb511e15e2d7ec17325fd35ab832 116094 mail optional
sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
10c1538da443e61d380d966883e247d0 127154 mail optional
sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
e921ab7b4c16ce414c551366dfc3b450 122226 mail optional
sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
9674f6e8d5dd7b0096051209134a1c11 130196 mail optional
sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG6yGLHYflSXNkfP8RAnGjAJ4gwM71vsCsLO+0SG1RAfWb4zYjdQCcDWxX
yPxSFLUXOKzQ5z/AmzKFVXY=
=nJAI
-----END PGP SIGNATURE-----
--- End Message ---