Your message dated Mon, 2 Jun 2008 20:54:16 +1000 with message-id <[EMAIL PROTECTED]> and subject line Version: 1.6.10-4.2+lenny1 has caused the Debian Bug report #447341, regarding CVE-2007-5208 arbitrary command execution via unfiltered from address to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 447341: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447341 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: hplip Version: 1.6.10-3 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for hplip. CVE-2007-5208[0]: | hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) | 1.x and 2.x before 2.7.10 allows context-dependent attackers to | execute arbitrary commands via shell metacharacters in a from address, | which is not properly handled when invoking sendmail. If you fix this vulnerability please also include the CVE id in your changelog entry. You can find a patch on: http://launchpadlibrarian.net/9737865/90_subprocess_replacement.dpatch For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp4iY8F2HtIC.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Version: 1.6.10-4.2+lenny1
signature.asc
Description: This is a digitally signed message part.
--- End Message ---