Your message dated Fri, 28 Sep 2018 17:05:22 +0000 with message-id <e1g5wcg-000j1o...@fasolo.debian.org> and subject line Bug#864800: fixed in libmail-deliverystatus-bounceparser-perl 1.542+repacked-1 has caused the Debian Bug report #864800, regarding Mail::DeliveryStatus::BounceParser contains a live virus and some real spam/phishing mails to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libmail-deliverystatus-bounceparser-perl Version: 1.531-1 Severity: serious X-Debbugs-CC: Ricardo Signes <r...@cpan.org> Control: forwarded -1 Ricardo Signes <r...@cpan.org> Control: found -1 1.536-1 Control: found -1 1.542-1 User: debian-ad...@lists.debian.org Usertags: needed-by-DSA-Team The Mail::DeliveryStatus::BounceParser source contains a live virus and some real spam/phishing mails. This is leading to Netcraft and other virus detection systems on the Internet reporting Debian mirrors as malicious, which potentially reduces the reputation of debian.org on various anti-spam and anti-malware services. Please fix this in upstream git, with a new release on CPAN and in all Debian suites. https://incident.netcraft.com/w/b0d11ab53944/ https://incident.netcraft.com/w/ffb6f95e5301/ To fix this you will need to strip the account-password.zip attachment from t/corpus/virus-caused-multiple-weird-reports.msg and if possible strip the phishing/spam content from the other files, while ensuring that the tests still pass despite changes to the corpus but that the new files in the corpus do not trip any anti-virus checkers: https://www.virustotal.com/ $ clamdscan --fdpass --infected | sed "s|`pwd`/||" t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331 FOUND t/corpus/spam-with-badly-parsed-email.msg: Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND t/corpus/spam-lots-of-bogus-addresses.msg: Sanesecurity.Spam.8684.UNOFFICIAL FOUND ----------- SCAN SUMMARY ----------- Infected files: 3 Time: 0.087 sec (0 m 0 s) -- bye, pabs https://wiki.debian.org/PaulWisesignature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Source: libmail-deliverystatus-bounceparser-perl Source-Version: 1.542+repacked-1 We believe that the bug you reported is fixed in the latest version of libmail-deliverystatus-bounceparser-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Xavier Guimard <y...@debian.org> (supplier of updated libmail-deliverystatus-bounceparser-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Sep 2018 13:48:12 +0200 Source: libmail-deliverystatus-bounceparser-perl Binary: libmail-deliverystatus-bounceparser-perl Architecture: source Version: 1.542+repacked-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org> Changed-By: Xavier Guimard <y...@debian.org> Closes: 864800 Description: libmail-deliverystatus-bounceparser-perl - module for analyzing bounce messages Changes: libmail-deliverystatus-bounceparser-perl (1.542+repacked-1) unstable; urgency=medium . * Team upload . [ gregor herrmann ] * debian/copyright: change Copyright-Format 1.0 URL to HTTPS. * Remove Nathan Handler from Uploaders. Thanks for your work! . [ Salvatore Bonaccorso ] * Update Vcs-* headers for switch to salsa.debian.org . [ Xavier Guimard ] * Repack excluding viruses found by uscan (Closes: #864800) * Declare compliance with policy 4.2.1 * Remove dependency to libtest-simple-perl (>= 0.94) * Bump debhelper compatibility to 10 Checksums-Sha1: f81396c650f0f8a3dcb9a81c1b3b1c96df652880 2497 libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.dsc 51a846124bd138510f11c05b493625c100db7f57 134689 libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz e8a6bc7ceb6fb3c30854d5e9ae25b072b55060c0 2996 libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.debian.tar.xz Checksums-Sha256: ac14d1ca76264543bbd06bc6660e7782042e15aff3470693314d396169d5ea88 2497 libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.dsc d24c5032ca6caf9fdd42b93747280e02f8bb2b212b9be32e54e2e6d2d2fb2b90 134689 libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz fe97bd91c079fac1c59e31fc1887ea4f61dd1d6d60a6dc123c0a544791681b27 2996 libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.debian.tar.xz Files: 781d10e615223c7ed29e2775974ed2b6 2497 perl optional libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.dsc cda9de7ffe9c3fde0b558c3bf1c2354a 134689 perl optional libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz 78c0c463bb802bd4304e1be9f6dd54eb 2996 perl optional libmail-deliverystatus-bounceparser-perl_1.542+repacked-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAluuWmEQHHlhZGRAZGVi aWFuLm9yZwAKCRD210ynyZnu6Q4HEACTyFkFUian/MJBLhwtUAPsHQ3wJhFxNAjB TybnzeeaXLg9C8PkdmPdhtlmzub5AfO09J2SCZUuJ6JaRv04uHyQtHyDTTmzKune 6pnnxFIjOYEEkBG0bJYwdABptwEFE/cuy1+sAAPgotKQU4ptS7DCVq970goxY52b a2SuuFr1QqxAqptBQZblKl4llwlKyU7kg2/e4zYp3PF4Z208Y0Nh6n8M74QuKzsI 321DA52E6PoBdaIaREe7Jum2cwR5t06ipzt4vsLm81pbWPoNJbz9PcANYWTPwV/X gJ0O+7nV1Db5bvPpd4E3AuRNJAmXlxnPp9EAMMH7UhRTcVaN0RXRN1itejjJbUon k0twpoz9OlnL+s4bApmMbOObH2Z0ghbsyVFWD0OHJdzBVkbs7ROR2iie/I4EFsBp PeyGsw6vJIL0PnwqJJTF6QYiyrmOfrRS7tarVHh4GNSwdqoHPxGDsohPOU+Kzp4e RJ+7l2ydYQRhy1TpOqXriis4jLj+tqndaT+Ety0eKAypayS97Q16RMU1zOZloBY8 U7RvoLs6I+ZmGfFg86Ig4kWxFGuKMpA1I9y5zDN8k6kYcEM7H8juEzczcKsU+PCs BHnAi4jVtwKiGepm1UCDHoOVGPXEv9zvvtAAlOUGb+QFxWiWx5h1kjQjfYlftKKj T8/PxeAagg== =GUCp -----END PGP SIGNATURE-----
--- End Message ---