Your message dated Tue, 13 Jun 2006 16:02:39 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#372891: fixed in sylpheed-claws 1.0.5-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: sylpheed-claws
Severity: important
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to
bypass the URI check functionality and makes it easier to conduct
phishing attacks via a URI that begins with a space character."
The FrSIRT notice incorrectly lists fixed files; you'll need at least
1.36.2.64 of src/common/utils.c [1] and 1.96.2.115 of src/textview.c
[2].
Please mention the CVE in your changelog. Versions in sarge and woody
appear vulnerable.
Thanks,
Alec
[1]
http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/common/utils.c.diff?r1=1.36.2.63&r2=1.36.2.64&only_with_tag=gtk2
[2]
http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/textview.c.diff?r1=1.96.2.114&r2=1.96.2.115&only_with_tag=gtk2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEjVfEAud/2YgchcQRAi+6AKCvqhLo48kIe571DW1crMkf2KJR8QCg4qBU
uF53ADM6NC6KE24LbSRwb8E=
=sNHo
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: sylpheed-claws
Source-Version: 1.0.5-3
We believe that the bug you reported is fixed in the latest version of
sylpheed-claws, which is due to be installed in the Debian FTP archive:
libsylpheed-claws-dev_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.5-3_i386.deb
sylpheed-claws-clamav_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.5-3_i386.deb
sylpheed-claws-dillo-viewer_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.5-3_i386.deb
sylpheed-claws-i18n_1.0.5-3_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-i18n_1.0.5-3_all.deb
sylpheed-claws-image-viewer_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.5-3_i386.deb
sylpheed-claws-pgpmime_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.5-3_i386.deb
sylpheed-claws-plugins_1.0.5-3_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-plugins_1.0.5-3_all.deb
sylpheed-claws-scripts_1.0.5-3_all.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-scripts_1.0.5-3_all.deb
sylpheed-claws-spamassassin_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.5-3_i386.deb
sylpheed-claws-trayicon_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.5-3_i386.deb
sylpheed-claws_1.0.5-3.diff.gz
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-3.diff.gz
sylpheed-claws_1.0.5-3.dsc
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-3.dsc
sylpheed-claws_1.0.5-3_i386.deb
to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ricardo Mones <[EMAIL PROTECTED]> (supplier of updated sylpheed-claws package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 13 Jun 2006 08:02:01 +0200
Source: sylpheed-claws
Binary: sylpheed-claws sylpheed-claws-trayicon sylpheed-claws-pgpmime
sylpheed-claws-scripts libsylpheed-claws-dev sylpheed-claws-clamav
sylpheed-claws-dillo-viewer sylpheed-claws-plugins sylpheed-claws-i18n
sylpheed-claws-spamassassin sylpheed-claws-image-viewer
Architecture: source i386 all
Version: 1.0.5-3
Distribution: unstable
Urgency: high
Maintainer: Ricardo Mones <[EMAIL PROTECTED]>
Changed-By: Ricardo Mones <[EMAIL PROTECTED]>
Description:
libsylpheed-claws-dev - Development files to build plugins for Sylpheed-Claws
sylpheed-claws - Extended version of the Sylpheed mail client
sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
sylpheed-claws-dillo-viewer - HTML viewer plugin for Sylpheed Claws using Dillo
sylpheed-claws-i18n - Locale data for Sylpheed Claws (i18n support)
sylpheed-claws-image-viewer - Image viewer plugin for Sylpheed Claws
sylpheed-claws-pgpmime - PGP/MIME plugin for Sylpheed Claws
sylpheed-claws-plugins - Various plugins for the Sylpheed Claws mail client
sylpheed-claws-scripts - Helper scripts for Sylpheed and Sylpheed Claws
sylpheed-claws-spamassassin - SpamAssassin plugin for Sylpheed Claws
sylpheed-claws-trayicon - Notification area plugin for Sylpheed Claws
Closes: 372891
Changes:
sylpheed-claws (1.0.5-3) unstable; urgency=high
.
* debian/control
- Updated Standards-Version, updated maintainer mail address
- Make -i18n package depend on binary, and binary recomend -i18n
* debian/patches/12security_CVE-2006-2920.patch
- fix for security bug CVE-2006-2920: URI bypass (Closes: #372891)
Files:
c314afb66aebb0fd06bcced48ceb2ada 1252 mail optional sylpheed-claws_1.0.5-3.dsc
f2eea733208b573328e32857d4fa4638 30042 mail optional
sylpheed-claws_1.0.5-3.diff.gz
c9fe6e86da467da3d403fa17f5b9917d 108702 mail optional
sylpheed-claws-plugins_1.0.5-3_all.deb
83edcf12e99451eba182c0880b5739ec 167470 mail optional
sylpheed-claws-scripts_1.0.5-3_all.deb
a7e247f5a59b2e12e6b7c1b164127527 1188926 mail optional
sylpheed-claws-i18n_1.0.5-3_all.deb
448cd442622a1af4995f6605451a4b01 962714 mail optional
sylpheed-claws_1.0.5-3_i386.deb
41851ea709598dfcd22f06c257db1f7e 197714 devel optional
libsylpheed-claws-dev_1.0.5-3_i386.deb
ce828e3da29214f794b6fe6e636f7d0d 118564 mail optional
sylpheed-claws-clamav_1.0.5-3_i386.deb
515205a9a4b3ee04c3c4e21e39d73a32 115336 mail optional
sylpheed-claws-dillo-viewer_1.0.5-3_i386.deb
74c9f0d3823e60a36c8818c5c30436fa 116286 mail optional
sylpheed-claws-image-viewer_1.0.5-3_i386.deb
43485997e1000581c504540b685bb258 127522 mail optional
sylpheed-claws-spamassassin_1.0.5-3_i386.deb
371fbaeb3ebb0c5ea58a4a904ae11ff3 122312 mail optional
sylpheed-claws-trayicon_1.0.5-3_i386.deb
74c297d4bf33847f36e4976f845cc0b5 131162 mail optional
sylpheed-claws-pgpmime_1.0.5-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEjz8nLARVQsm1XawRAkUWAJ980jBHUqWTZpAw09YvoFZM8aagcQCgu9sX
JtDgP86BidZvMYAebNsBYJo=
=MVkJ
-----END PGP SIGNATURE-----
--- End Message ---
