Your message dated Sat, 15 Sep 2007 00:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#441854: fixed in sylpheed-claws 1.0.5-5.2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: sylpheed-claws
Version: 1.0.5-5.1
Severity: normal
Tags: security

Hi,
a CVE had been issued against this package:
CVE-2007-2958[0]:
Format string vulnerability in the inc_put_error function in src/inc.c in
Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows
remote POP3 servers to execute arbitrary code via format string specifiers in
crafted replies.

If you fix this issue include the CVE id into the changelog.

The sylpheed package is not affected for unstable and testing. (2.4.5 fixes it).
A patch can be found on:
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153

Since the attacker will need to modify a pop3 server which then is used by
the victim this issue is not really critical.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958

Cheers
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp5nHnvjm5vm.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: sylpheed-claws
Source-Version: 1.0.5-5.2

We believe that the bug you reported is fixed in the latest version of
sylpheed-claws, which is due to be installed in the Debian FTP archive:

libsylpheed-claws-dev_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.5-5.2_i386.deb
sylpheed-claws-clamav_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.5-5.2_i386.deb
sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
sylpheed-claws-i18n_1.0.5-5.2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-i18n_1.0.5-5.2_all.deb
sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb
sylpheed-claws-plugins_1.0.5-5.2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-plugins_1.0.5-5.2_all.deb
sylpheed-claws-scripts_1.0.5-5.2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-scripts_1.0.5-5.2_all.deb
sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
sylpheed-claws_1.0.5-5.2.diff.gz
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2.diff.gz
sylpheed-claws_1.0.5-5.2.dsc
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2.dsc
sylpheed-claws_1.0.5-5.2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-5.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated sylpheed-claws package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 15 Sep 2007 01:51:29 +0200
Source: sylpheed-claws
Binary: sylpheed-claws sylpheed-claws-trayicon sylpheed-claws-pgpmime 
sylpheed-claws-scripts libsylpheed-claws-dev sylpheed-claws-clamav 
sylpheed-claws-dillo-viewer sylpheed-claws-plugins sylpheed-claws-i18n 
sylpheed-claws-spamassassin sylpheed-claws-image-viewer
Architecture: source i386 all
Version: 1.0.5-5.2
Distribution: unstable
Urgency: high
Maintainer: Ricardo Mones <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 libsylpheed-claws-dev - Development files to build plugins for Sylpheed-Claws
 sylpheed-claws - Extended version of the Sylpheed mail client
 sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
 sylpheed-claws-dillo-viewer - HTML viewer plugin for Sylpheed Claws using Dillo
 sylpheed-claws-i18n - Locale data for Sylpheed Claws (i18n support)
 sylpheed-claws-image-viewer - Image viewer plugin for Sylpheed Claws
 sylpheed-claws-pgpmime - PGP/MIME plugin for Sylpheed Claws
 sylpheed-claws-plugins - Various plugins for the Sylpheed Claws mail client
 sylpheed-claws-scripts - Helper scripts for Sylpheed and Sylpheed Claws
 sylpheed-claws-spamassassin - SpamAssassin plugin for Sylpheed Claws
 sylpheed-claws-trayicon - Notification area plugin for Sylpheed Claws
Closes: 441854
Changes: 
 sylpheed-claws (1.0.5-5.2) unstable; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Fix format string vulnerability in inc_put_error
     function (CVE-2007-2958) (Closes: #441854).
Files: 
 7e56badd63012314c8fe35ed46c77f88 1256 mail optional 
sylpheed-claws_1.0.5-5.2.dsc
 0c1db972c634a2abaa6c9df11766de1d 94988 mail optional 
sylpheed-claws_1.0.5-5.2.diff.gz
 07b843e9c9816f436d33813b5cfb9a83 108808 mail optional 
sylpheed-claws-plugins_1.0.5-5.2_all.deb
 25d7364f72e0d167943a16ee9941b865 168566 mail optional 
sylpheed-claws-scripts_1.0.5-5.2_all.deb
 ba078f6bc2396a0bc454db21ac69e6dc 1191334 mail optional 
sylpheed-claws-i18n_1.0.5-5.2_all.deb
 9f25390fafc3b2d1429a632044bc0c3b 937058 mail optional 
sylpheed-claws_1.0.5-5.2_i386.deb
 11b891a1c5806142afde46681dc5dde4 198456 devel optional 
libsylpheed-claws-dev_1.0.5-5.2_i386.deb
 9ed1c5f7f5ef92e4591675052d27079c 118146 mail optional 
sylpheed-claws-clamav_1.0.5-5.2_i386.deb
 b74aa04f4f8ba16a374d1cf53c733b35 115118 mail optional 
sylpheed-claws-dillo-viewer_1.0.5-5.2_i386.deb
 b21edb511e15e2d7ec17325fd35ab832 116094 mail optional 
sylpheed-claws-image-viewer_1.0.5-5.2_i386.deb
 10c1538da443e61d380d966883e247d0 127154 mail optional 
sylpheed-claws-spamassassin_1.0.5-5.2_i386.deb
 e921ab7b4c16ce414c551366dfc3b450 122226 mail optional 
sylpheed-claws-trayicon_1.0.5-5.2_i386.deb
 9674f6e8d5dd7b0096051209134a1c11 130196 mail optional 
sylpheed-claws-pgpmime_1.0.5-5.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG6yGLHYflSXNkfP8RAnGjAJ4gwM71vsCsLO+0SG1RAfWb4zYjdQCcDWxX
yPxSFLUXOKzQ5z/AmzKFVXY=
=nJAI
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to