Your message dated Tue, 11 Oct 2005 13:17:39 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#332215: fixed in uw-imap 7:2002edebian1-12
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Oct 2005 06:09:03 +0000
>From [EMAIL PROTECTED] Tue Oct 04 23:09:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EN2Sb-0002UJ-00; Tue, 04 Oct 2005 23:09:01 -0700
Received: from localhost.localdomain (dialin-145-254-079-254.pools.arcor-ip.net
[145.254.79.254])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Martin Pitt (workstation)", Issuer "piware CA" (verified
OK))
by box79162.elkhouse.de (Postfix) with ESMTP id AA478BCA60
for <[EMAIL PROTECTED]>; Wed, 5 Oct 2005 08:08:26 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
id 8BBB1171D5; Wed, 5 Oct 2005 08:08:26 +0200 (CEST)
Date: Wed, 5 Oct 2005 08:08:26 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Subject: uw-imapd: [CAN-2005-2933] Buffer overflow in Netmailbox Name Parsing
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="G4iJoqBmSsgzjUCe"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--G4iJoqBmSsgzjUCe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: uw-imapd
Version: 7:2002edebian1-11
Severity: critical
Tags: security patch
Hi!
There is an exploitable buffer overflow in the UW-IMAP server. Details
and the patch is at
http://www.idefense.com/application/poi/display?id=3D313&type=3Dvulnerabi=
lities
This got assigned CAN-2005-2933, please mention this number in the
changelog when you fix this.
Thanks!
Martin
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
--G4iJoqBmSsgzjUCe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDQ23aDecnbV4Fd/IRAlt/AKCCTbT3NyvcpjFQ6iIZRGvs81VmSgCgmwmG
IXt6+PKYFkzuRjITm6kZ/oY=
=PDl3
-----END PGP SIGNATURE-----
--G4iJoqBmSsgzjUCe--
---------------------------------------
Received: (at 332215-close) by bugs.debian.org; 11 Oct 2005 20:23:02 +0000
>From [EMAIL PROTECTED] Tue Oct 11 13:23:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EPQZ9-0006RI-00; Tue, 11 Oct 2005 13:17:39 -0700
From: Jonas Smedegaard <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#332215: fixed in uw-imap 7:2002edebian1-12
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 11 Oct 2005 13:17:39 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 8
Source: uw-imap
Source-Version: 7:2002edebian1-12
We believe that the bug you reported is fixed in the latest version of
uw-imap, which is due to be installed in the Debian FTP archive:
ipopd-ssl_2002edebian1-12_all.deb
to pool/main/u/uw-imap/ipopd-ssl_2002edebian1-12_all.deb
ipopd_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/ipopd_2002edebian1-12_powerpc.deb
libc-client-dev_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/libc-client-dev_2002edebian1-12_powerpc.deb
libc-client2002edebian_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/libc-client2002edebian_2002edebian1-12_powerpc.deb
mlock_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/mlock_2002edebian1-12_powerpc.deb
uw-imap_2002edebian1-12.diff.gz
to pool/main/u/uw-imap/uw-imap_2002edebian1-12.diff.gz
uw-imap_2002edebian1-12.dsc
to pool/main/u/uw-imap/uw-imap_2002edebian1-12.dsc
uw-imapd-ssl_2002edebian1-12_all.deb
to pool/main/u/uw-imap/uw-imapd-ssl_2002edebian1-12_all.deb
uw-imapd_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/uw-imapd_2002edebian1-12_powerpc.deb
uw-mailutils_2002edebian1-12_powerpc.deb
to pool/main/u/uw-imap/uw-mailutils_2002edebian1-12_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <[EMAIL PROTECTED]> (supplier of updated uw-imap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 11 Oct 2005 19:33:40 +0200
Source: uw-imap
Binary: libc-client2002edebian uw-imapd libc-client-dev mlock ipopd ipopd-ssl
uw-imapd-ssl uw-mailutils
Architecture: source all powerpc
Version: 7:2002edebian1-12
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <[EMAIL PROTECTED]>
Changed-By: Jonas Smedegaard <[EMAIL PROTECTED]>
Description:
ipopd - POP2 and POP3 servers from UW
ipopd-ssl - Dummy upgrade package for ipopd
libc-client-dev - UW c-client library for mail protocols
libc-client2002edebian - UW c-client library for mail protocols
mlock - Mailbox locking program from UW
uw-imapd - remote mail folder access server
uw-imapd-ssl - Dummy upgrade package for uw-imapd
uw-mailutils - C-client support programs from UW
Closes: 241804 241986 248762 249129 313261 323375 324073 332215 333346
Changes:
uw-imap (7:2002edebian1-12) unstable; urgency=high
.
* Patch src/c-client/mail.c against remote exploitable buffer overflow
allowing attacker to execute arbitrary code - CAN-2005-2933. This
closes: bug#332215 (thanks to iDEFENCE and Martin Pitt
<[EMAIL PROTECTED]>).
* Add/update debconf l10n:
+ Catalan (ca). Closes: Bug#248762 (thanks to Debian L10n Catalan
Team).
+ Czech (cs). Closes: bug#313261 (thanks to Miroslav Kure
<[EMAIL PROTECTED]>).
+ French (fr). Closes: Bug#241986 (thanks to debian-l10n-french
mailing list contributors).
+ Japanese (ja) Closes: Bug#241804 (thanks to Kenshi Muto
<[EMAIL PROTECTED]>).
+ Spanish (es). Closes: bug#323375 (thanks to Carlos Galisteo de
Cabo <[EMAIL PROTECTED]>),
+ Swedish (sv). Closes: bug#333346 (thanks to Daniel Nylander
<[EMAIL PROTECTED]>).
+ Turkish (tr). Closes: Bug#249129 (thanks to Mehmet Turker).
+ Vietnamese (vi). Closes: bug#324073 (thanks to Vietnamese free-
software translation team / nhóm Viá»t hóa phần má»m tá»±
do).
* Modernize maintainer scripts (thanks to lintian):
+ Use `chown uid:gid` (not `chown uid.gid`).
+ Use [ test1 ] && [ test2 ] (not [ test1 -a test2 ]).
* Source debconf in libc-clientXXX postinst even if unused (thanks to
lintian).
* Claim compliance with Policy 3.6.2 (no changes needed).
* Set urgency=high due to security fix.
Files:
7299712545f83729a60e881caa41c654 773 mail optional uw-imap_2002edebian1-12.dsc
3ef729a3630a9faeba049196d2608e6f 90217 mail optional
uw-imap_2002edebian1-12.diff.gz
b74a9606df9d2c80fa4140ad86424cdc 20296 mail optional
uw-imapd-ssl_2002edebian1-12_all.deb
7bdab75c207899049568dae78a26c196 20296 mail optional
ipopd-ssl_2002edebian1-12_all.deb
b692333c11b9aa374479082a29f14243 71914 mail optional
uw-imapd_2002edebian1-12_powerpc.deb
387e159b8c25092022c204b15d8f60f7 46420 mail optional
ipopd_2002edebian1-12_powerpc.deb
c6c717ce3674874d784e4bb982a96d1e 1073022 libdevel extra
libc-client-dev_2002edebian1-12_powerpc.deb
00031b5cb7fdbb7fb3a478ff511ac3e0 597376 libs optional
libc-client2002edebian_2002edebian1-12_powerpc.deb
fc31b133c7c4cd4db4a0238e3f391ac0 25980 mail optional
mlock_2002edebian1-12_powerpc.deb
147ad046b67422161b5609836dfcfdfb 49746 mail optional
uw-mailutils_2002edebian1-12_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDTAptn7DbMsAkQLgRAqMBAJ4l1fK+cASGirCgN3YoPJCHpvrzawCghkjt
20CNOXTPhqsr3xrpCNcFgdU=
=Lm2r
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
