Your message dated Sun, 10 May 2015 17:17:06 +0000
with message-id <[email protected]>
and subject line Bug#784721: fixed in mew 1:6.6-2+deb8u1
has caused the Debian Bug report #784721,
regarding mew: incorrect keys in encryption
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
784721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784721
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mew
Version: 1:6.6-2
Severity: important
Tags: jessie security
It was discovered that Mew, a mail reader supporting PGP/MIME for
Emacs, did not properly implement recipients matching to encrypt
mails. This may allow unrelated person may decrypt the mails.
cf.
- https://github.com/kazu-yamamoto/Mew/issues/77
From: Tatsuya Kinoshita
> When the following keys are imported,
>
> - 1024D/97AA33D6 Dima Barsky <[email protected]>
> - 1024D/1A944AD7 Martin Albert <[email protected]>
>
> I write a mail with To: [email protected], and encrypt it,
> then it is encrypted with Dima's key instead of Martin's key.
Fixed in
https://github.com/kazu-yamamoto/Mew/commit/5fa1fbd130f90b8afbeef66e256eead031f17e27
The security team suggested that is rather a candidate for a fix in
a point update instead of a Debian Security Advisory.
Thanks,
--
Tatsuya Kinoshita
pgpiK1aFTJFKZ.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: mew
Source-Version: 1:6.6-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
mew, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tatsuya Kinoshita <[email protected]> (supplier of updated mew package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 08 May 2015 11:16:31 +0900
Source: mew
Binary: mew mew-bin
Architecture: source all amd64
Version: 1:6.6-2+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Tatsuya Kinoshita <[email protected]>
Changed-By: Tatsuya Kinoshita <[email protected]>
Description:
mew - mail reader supporting PGP/MIME for Emacs
mew-bin - external commands for Mew
Closes: 784721
Changes:
mew (1:6.6-2+deb8u1) jessie; urgency=medium
.
* New patch 060_encrypt.patch to fix incorrect keys in encryption
(closes: #784721)
Checksums-Sha1:
129cfd223e9755ded26b2d659d4ceb3d14738d47 1852 mew_6.6-2+deb8u1.dsc
ab29ba9f24802befe96fe676a19ed999787664bd 49868 mew_6.6-2+deb8u1.debian.tar.xz
f3c338082c3f2e6b5b5262ced2f06ae9c7be9e1e 677786 mew_6.6-2+deb8u1_all.deb
c39cb94aa5182bba26e69d3e74242e7a4521cc96 58436 mew-bin_6.6-2+deb8u1_amd64.deb
Checksums-Sha256:
35e3e3cc7ea8481064f8243d6712c035662313c5363b092a7433d6d1ff16a7b7 1852
mew_6.6-2+deb8u1.dsc
4857b3aca2e8b28ecb5ca0fa84459ff210a9339fbe6a4e96016023b65b8a5489 49868
mew_6.6-2+deb8u1.debian.tar.xz
9aa27088a673a58f6ad42a702d68912012c66b5b84db3b28e37d27be0bd1315d 677786
mew_6.6-2+deb8u1_all.deb
ea90ac227a6abbe89da4c0d706f9ac2978b145f673c84ccd8e3d819f8284e93e 58436
mew-bin_6.6-2+deb8u1_amd64.deb
Files:
dc6ff52f7dc0cf27f26bfbbf46132699 1852 mail optional mew_6.6-2+deb8u1.dsc
fd61fbf05a5f26f00caa2f74e27f7540 49868 mail optional
mew_6.6-2+deb8u1.debian.tar.xz
d0ac79c19b2d3e881dc1c08d42ec8efa 677786 lisp optional mew_6.6-2+deb8u1_all.deb
bc4a5db323989aa3a5cefdfb6100494f 58436 mail optional
mew-bin_6.6-2+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVTCAcAAoJEOXvq5AIDqY8dd0P/14p4c0pn1HYbPON2CGI/CdV
o26e89qcdrzMWuKAFKEs68DjM6fMcnwwFATbK6bYAg1NskUd/Dt9IotshvL0yXzg
t0iWhY2UxgqioCDmPkxe++t0DDqi6djKSOJqwGJhu1W9omimsaqyyeiaDJXLVC9L
RVmq44El2PGjWrgxaC/jVjr1mQtN9f1TVCuvsEC22dbhqNQDo5PQsgzc+S+OW5Jd
7dzETrX06xYHDyDdfDIk4DhN8lc671cl6262gLvP+zTZ7uETBwF5KC0RoZTM4q/k
QXFNE7nyA7cxjHE5JA2tTtxa6cOgnScAz6D2TPM0wLZoA/gM8U1HNEWZEV0kW8wg
TmDXV364syAKipzeFzqjLzAD95c8gMqCC136drLEG9POhkOIaSvtNp15gkn9UJh2
BsjZ9GpjbwiD9DN0ihIh5iNsZRj3sSiAB1AFQVsLeFeFTPiJ62N/VDsmXdrbE2kd
UQARb2u1BvKYm2IfV0zrjrPIhIzr9N+fNHrgYZSuatiO6bU3sOur9cRaENi4CO6u
0Cw5vF+IpCwn73QyhtGG6wD/fDWP42ZcLy2ISbDt0QTAlWu7iQ/TDr0VRjTaESrU
zsPjE1HHLq8zPT7la3kJiS+zsmrhy5FZF+MS3qWXCnWD53DB+xSCUz3SO/3jX9Gb
iRb1YWvfYE6FuKcoQa9K
=vxZv
-----END PGP SIGNATURE-----
--- End Message ---
