Your message dated Sat, 03 Jan 2009 19:52:30 +0000
with message-id <[email protected]>
and subject line Bug#509487: fixed in muttprint 0.72d-8etch1
has caused the Debian Bug report #509487,
regarding CVE-2008-5368: insecure temp file handling
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
509487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509487
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: muttprint
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for muttprint.
CVE-2008-5368[0]:
| muttprint in muttprint 0.72d allows local users to overwrite arbitrary
| files via a symlink attack on the /tmp/muttprint.log temporary file.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5368
http://security-tracker.debian.net/tracker/CVE-2008-5368
--- End Message ---
--- Begin Message ---
Source: muttprint
Source-Version: 0.72d-8etch1
We believe that the bug you reported is fixed in the latest version of
muttprint, which is due to be installed in the Debian FTP archive:
muttprint-manual_0.72d-8etch1_all.deb
to pool/main/m/muttprint/muttprint-manual_0.72d-8etch1_all.deb
muttprint_0.72d-8etch1.diff.gz
to pool/main/m/muttprint/muttprint_0.72d-8etch1.diff.gz
muttprint_0.72d-8etch1.dsc
to pool/main/m/muttprint/muttprint_0.72d-8etch1.dsc
muttprint_0.72d-8etch1_all.deb
to pool/main/m/muttprint/muttprint_0.72d-8etch1_all.deb
ospics_0.72d-8etch1_all.deb
to pool/main/m/muttprint/ospics_0.72d-8etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Rene Engelhard <[email protected]> (supplier of updated muttprint package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 26 Dec 2008 00:18:44 +0100
Source: muttprint
Binary: ospics muttprint muttprint-manual
Architecture: source all
Version: 0.72d-8etch1
Distribution: stable
Urgency: high
Maintainer: Rene Engelhard <[email protected]>
Changed-By: Rene Engelhard <[email protected]>
Description:
muttprint - Pretty printing of mails
muttprint-manual - Manual for muttprint
ospics - Some images of operating system logos/mascots
Closes: 509487
Changes:
muttprint (0.72d-8etch1) stable; urgency=high
.
* backport fix for 15_CVE 15_2008-5368 from upstrem (closes: #509487)
Files:
703f4e7631b067b432c6d2f6b7788211 655 mail optional muttprint_0.72d-8etch1.dsc
638584927acbcf6c1e15504fe366f2f1 218195 mail optional
muttprint_0.72d-8etch1.diff.gz
dd772c274edb657b5bfc1e07b4f9c89f 96924 mail optional
muttprint_0.72d-8etch1_all.deb
38181175f93d0dd702755037c06601a1 923558 doc optional
muttprint-manual_0.72d-8etch1_all.deb
a2bce038ff3e6cc490069aec56815b7a 238188 graphics optional
ospics_0.72d-8etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJVBtm+FmQsCSK63MRAqebAJ0VN4RYYN+8xo+TxEwvN2WNM7uBKwCbBCJN
o0K78cqcHiF4AQUOgRWfLkQ=
=6tRT
-----END PGP SIGNATURE-----
--- End Message ---
