Your message dated Sun, 10 May 2015 17:17:06 +0000
with message-id <[email protected]>
and subject line Bug#784722: fixed in mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
has caused the Debian Bug report #784722,
regarding mew-beta: incorrect keys in encryption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
784722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784722
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mew-beta
Version: 7.0.50~6.6+0.20140902-1
Severity: important
Tags: jessie security

It was discovered that Mew, a mail reader supporting PGP/MIME for
Emacs, did not properly implement recipient matching to encrypt
mails.  This may allow an unrelated person to decrypt the mails.

cf.
  - https://github.com/kazu-yamamoto/Mew/issues/77
    From: Tatsuya Kinoshita
    > When the following keys are imported,
    >
    >   - 1024D/97AA33D6 Dima Barsky <[email protected]>
    >   - 1024D/1A944AD7 Martin Albert <[email protected]>
    >
    > I write a mail with To: [email protected], and encrypt it,
    > then it is encrypted with Dima's key instead of Martin's key.
    Fixed in https://github.com/kazu-yamamoto/Mew/commit/5fa1fbd130f90b8afbeef66e256eead031f17e27

The security team suggested that this is rather a candidate for a fix in
a point update instead of a Debian Security Advisory.

Thanks,
--
Tatsuya Kinoshita



--- End Message ---
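
Added example, not part of the bug report and not Mew's code: a Python model of one way recipient-to-key matching can select an unrelated key. It assumes (the report does not state the root cause) that the recipient address is matched as a substring of key user IDs; the keyring, addresses and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed keyring of (key ID, user ID); not the keys from the report.
KEYRING = [
    ("AAAA1111", "Dana Example <dana@example.org>"),
    ("BBBB2222", "Ana Example <ana@example.org>"),
]


def match_substring(recipient, keyring):
    """Loose matching: every key whose user ID contains the recipient string.

    Assumed failure mode for this illustration: a short address can be a
    substring of a longer one, so unrelated keys match as well.
    """
    needle = recipient.lower()
    return [kid for kid, uid in keyring if needle in uid.lower()]


def match_exact(recipient, keyring):
    """Strict matching: compare the full addr-spec and demand one unique key."""
    want = parseaddr(recipient)[1].lower()
    if not want:
        raise ValueError(f"no address in {recipient!r}")
    hits = [kid for kid, uid in keyring if parseaddr(uid)[1].lower() == want]
    if len(hits) != 1:
        # Zero or several keys: refuse to encrypt rather than guess.
        raise LookupError(f"{len(hits)} keys match {want!r}")
    return hits[0]


if __name__ == "__main__":
    rcpt = "ana@example.org"
    # Loose matching also returns Dana's key, listed first in the keyring.
    print("substring:", match_substring(rcpt, KEYRING))
    print("exact:    ", match_exact(rcpt, KEYRING))
```

GnuPG itself treats a bare string given as a user ID as a case-insensitive substring match, and an address wrapped in angle brackets as an exact e-mail match.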
--- Begin Message ---
Source: mew-beta
Source-Version: 7.0.50~6.6+0.20140902-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
mew-beta, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tatsuya Kinoshita <[email protected]> (supplier of updated mew-beta package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 May 2015 11:27:12 +0900
Source: mew-beta
Binary: mew-beta mew-beta-bin
Architecture: source all amd64
Version: 7.0.50~6.6+0.20140902-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Tatsuya Kinoshita <[email protected]>
Changed-By: Tatsuya Kinoshita <[email protected]>
Description:
 mew-beta   - mail reader supporting PGP/MIME for Emacs (development version)
 mew-beta-bin - external commands for Mew (development version)
Closes: 784722
Changes:
 mew-beta (7.0.50~6.6+0.20140902-1+deb8u1) jessie; urgency=medium
 .
   * New patch 060_encrypt.patch to fix incorrect keys in encryption
     (closes: #784722)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
