Bug#659392: marked as done (CVE-2011-0791 / CVE-2012-0909)

Mon, 04 Jun 2012 13:51:22 -0700 

Your message dated Mon, 04 Jun 2012 20:49:00 +0000
with message-id <[email protected]>
and subject line Bug#659392: fixed in imp4 4.3.7+debian0-2.2
has caused the Debian Bug report #659392,
regarding CVE-2011-0791 / CVE-2012-0909
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
659392: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659392
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: imp4
Severity: grave
Tags: security

Please see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0791

I don't really understand the Horde/Kolab Webmail structure, so 
imp4 might not be the actual affected package, please assign
as needed and keep us posted.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: imp4
Source-Version: 4.3.7+debian0-2.2

We believe that the bug you reported is fixed in the latest version of
imp4, which is due to be installed in the Debian FTP archive:

imp4_4.3.7+debian0-2.2.diff.gz
  to main/i/imp4/imp4_4.3.7+debian0-2.2.diff.gz
imp4_4.3.7+debian0-2.2.dsc
  to main/i/imp4/imp4_4.3.7+debian0-2.2.dsc
imp4_4.3.7+debian0-2.2_all.deb
  to main/i/imp4/imp4_4.3.7+debian0-2.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Micah Anderson <[email protected]> (supplier of updated imp4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Feb 2012 10:39:48 -0800
Source: imp4
Binary: imp4
Architecture: source all
Version: 4.3.7+debian0-2.2
Distribution: stable-security
Urgency: high
Maintainer: Horde Maintainers <[email protected]>
Changed-By: Micah Anderson <[email protected]>
Description: 
 imp4       - webmail component for horde framework
Closes: 659392
Changes: 
 imp4 (4.3.7+debian0-2.2) stable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix XSS (CVE-2012-0791, Closes: #659392)
Checksums-Sha1: 
 86b032b7f6e5a300f287fa17b00c2836ec798982 1605 imp4_4.3.7+debian0-2.2.dsc
 f034e5e0a35d84df663f1656507a6f57aa25f0b6 5388310 imp4_4.3.7+debian0.orig.tar.gz
 f8b4b31b06b8eaba707643470f602b6f9c76ee1f 17064 imp4_4.3.7+debian0-2.2.diff.gz
 1351ba5ba263ffd2b389d44b66bc4fbc8c4fcb76 5371552 imp4_4.3.7+debian0-2.2_all.deb
Checksums-Sha256: 
 d35b0bb5e268bd70f4a2ac3201880c54b5fb66559d9167ca74211c92cedc2f65 1605 
imp4_4.3.7+debian0-2.2.dsc
 a57b5556e5f45e4469bb5af47ed49ea134a9be42b0bfef76ea9aa6ea0dc763b2 5388310 
imp4_4.3.7+debian0.orig.tar.gz
 c10f346cd98c93d04f7a1d34c432108c9fe9e23961fcefd540110cd05f15e280 17064 
imp4_4.3.7+debian0-2.2.diff.gz
 e95f987342146ce8b80391875f5db930350c5c36eae02533c8451245a74240c0 5371552 
imp4_4.3.7+debian0-2.2_all.deb
Files: 
 05a8d720ab10e206c1d56c5e0ba0744f 1605 web optional imp4_4.3.7+debian0-2.2.dsc
 2b70ec4ea4be65bbf016de053f84337b 5388310 web optional 
imp4_4.3.7+debian0.orig.tar.gz
 c3bff32d365723f0408b805944418ac7 17064 web optional 
imp4_4.3.7+debian0-2.2.diff.gz
 d0a5371e124f28f0038537789cb00e93 5371552 web optional 
imp4_4.3.7+debian0-2.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJPykuJAAoJEOxfUAG2iX57XvUH/RCMy4yuUoa5bnatumi4+7q8
c6c7SyUxmMLdxKOM+VVbUFpShUfzEYaddAvxi74eaRIofICNZGFV/HrweN3QN7fV
AODYW7/ZCscy3P05JAi23TTBweXEeusNtQLSpH4I3ih8pd5hRDLaNUS/jcIHzGq6
I+kmGmLwHhFAhFV0XDaXZdpV0VLUewwcZ2xN4L9WcNnmipEsAsyy6OeitiiN879F
fT9cFC88pf5l56e/LD1XeZHF8xF9N4UdH4denVvMBPbGfpq7BoB+8RoY8g9Q96mP
JGXfVuDGmkObljJldc2Ljdtvru2q8z0qdHtRI+TijhQOA5VVuFtSjoFCNqZfJgo=
=OQSj
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to