Your message dated Wed, 21 Jul 2010 04:17:07 +0000
with message-id <[email protected]>
and subject line Bug#572960: fixed in libesmtp 1.0.4-5
has caused the Debian Bug report #572960,
regarding libesmtp does not check NULL bytes in commonNames of certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
572960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572960
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libesmtp
Severity: grave
Tags: security
Kees Cook reported this on the oss-security mailing list:
http://www.openwall.com/lists/oss-security/2010/03/03/6
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: libesmtp
Source-Version: 1.0.4-5
We believe that the bug you reported is fixed in the latest version of
libesmtp, which is due to be installed in the Debian FTP archive:
libesmtp-dev_1.0.4-5_i386.deb
to main/libe/libesmtp/libesmtp-dev_1.0.4-5_i386.deb
libesmtp5_1.0.4-5_i386.deb
to main/libe/libesmtp/libesmtp5_1.0.4-5_i386.deb
libesmtp_1.0.4-5.diff.gz
to main/libe/libesmtp/libesmtp_1.0.4-5.diff.gz
libesmtp_1.0.4-5.dsc
to main/libe/libesmtp/libesmtp_1.0.4-5.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy T. Bouse <[email protected]> (supplier of updated libesmtp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Jul 2010 00:00:47 -0400
Source: libesmtp
Binary: libesmtp5 libesmtp-dev
Architecture: source i386
Version: 1.0.4-5
Distribution: unstable
Urgency: low
Maintainer: Jeremy T. Bouse <[email protected]>
Changed-By: Jeremy T. Bouse <[email protected]>
Description:
libesmtp-dev - LibESMTP SMTP client library development files
libesmtp5 - LibESMTP SMTP client library
Closes: 572960
Changes:
libesmtp (1.0.4-5) unstable; urgency=low
.
* debian/control: Updated Standards-Version to 3.9.0
* Fixes for CVE-2010-1192 handling NULL bytes (Closes: #572960) -
thanks to Jan Lieskovsky
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iF4EAREIAAYFAkxGc7oACgkQ8C9U2GaKnteBAQEAp1CR8JfrCY5PoMPVUvNV+b0y
RFvtqDix79uuWQ1ybGsBAMftpHYTLH1RDr/DnwuFEWvaWRKR/Aqno82rN61+3EZy
=XqBv
-----END PGP SIGNATURE-----
--- End Message ---