Your message dated Mon, 29 Jul 2024 15:18:33 +0000
with message-id <[email protected]>
and subject line Bug#1075853: fixed in cyrus-imapd 3.8.4-1
has caused the Debian Bug report #1075853,
regarding Regression in fix for CVE-2024-34055 breaks murder clusters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1075853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cyrus-murder
Version: 3.6.1-4+deb12u2
Severity: grave
Tags: patch, fixed-upstream
The patch for CVE-2024-34055 breaks the implementation of the mupdate
protocol. This causes "ctl_mboxlist -m" to fail, which is by default
executed on the start of cyrus-imapd in a clustered setup. Therefore,
the current version of the cyrus-murder package is in an unusable state.
Non-clustered setups shouldn't be affected.
The cause and the fix (applied to recent versions only) are discussed
here https://github.com/cyrusimap/cyrus-imapd/issues/4932
The fixes have not (yet?) been backported to the 3.6 branch.
A more simple patch is given here:
https://github.com/cyrusimap/cyrus-imapd/pull/4937#issuecomment-2178372505
I've come to a similar approach as I was unaware of the Github issue
when encountering the problems and can confirm that the two-line-fix
also resolves the issue.
It is very likely that the regression also applies to the Bullseye package.
Regards
Matthias
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.8.4-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated cyrus-imapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jul 2024 12:38:12 +0400
Source: cyrus-imapd
Architecture: source
Version: 3.8.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1075853 1076643
Changes:
cyrus-imapd (3.8.4-1) unstable; urgency=medium
.
* Drop build dependency to libdb-dev (Closes: #1076643)
* New upstream version 3.8.4 (Closes: #1075853)
Checksums-Sha1:
ed8a59e4985acfc073454c5a518edc0b6852983f 5155 cyrus-imapd_3.8.4-1.dsc
86570642685b5cc41a31e7bd57a7f7c312951969 6236736 cyrus-imapd_3.8.4.orig.tar.xz
6c193a47887c2d216408db0301821c3def1a7ea7 87260
cyrus-imapd_3.8.4-1.debian.tar.xz
Checksums-Sha256:
a0f6d6ad29951e9a48017fb33d46ed7f30f469a01fd96847075bde612328b485 5155
cyrus-imapd_3.8.4-1.dsc
58cf93560d914897eb505caeb9e8632e32a2b6f6f3d38d0de0739ea7341f3953 6236736
cyrus-imapd_3.8.4.orig.tar.xz
400d07e13d299af14e104693ff9bb57dfdb48f9c82108b47993f5fc363f570d1 87260
cyrus-imapd_3.8.4-1.debian.tar.xz
Files:
c082c24af5a7a64abe50353d5231a1f2 5155 mail optional cyrus-imapd_3.8.4-1.dsc
93cf99b6ecbd2fa62b17dd2fbee3c4d9 6236736 mail optional
cyrus-imapd_3.8.4.orig.tar.xz
d017de00a3fbee0e6feb29771ef17916 87260 mail optional
cyrus-imapd_3.8.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmannK0ACgkQ9tdMp8mZ
7umM4xAAkHLelISDc9QAA8ZAzrxNXIvfxzBSNkyS2WG5G3ou89oJPen/abSJaJeX
JYIz8cAq0RHsUddiG3w2mdcRh15D1jezg/MjvSlQTbTnvkLhlYw1I5X/UZiZP1/K
P+SpCCfETQLl39JDxpL61C8W3oaXjh/l9b/uiy61C523uq0VXn9i7NI6VeAu2fUB
h1p43xIxBMoMfHCrSykiImxd49eT1Z/dlvlIsGhIr7HIkO9O1L1MVXgQnWAahmnH
nDzI3MpmvZ0V0s5Fy7KWwpgkyz5T1BsP/JzdNtgcRaTyZ6oHW9DrsGuasB2klgSo
e9VCkAbUPjIJ1MDzLRE/Ps1Fw6fGhlZM9bJro97R1LANlT56uHM/T8fgZmYBLqll
ddsf4SDKMoxJGm6H7uoHa1KGEyt5pJWuSIv8bzowpXa0tBcHUH0O20dPkT2P34qY
3VTAz10LWAkJo1r1GRDVQXwhXOLscZGn9LqV0Cd1V3mVNASXfnnDiVnkVXCQRp3M
gb7N0aM0u/slLOFqG4CX2xWswxX3ku5SvdUZ9K1Vk3QkndJGcP3EniswWK4ypLRe
hT4Khf95VGFTIFr8eA7Py+FzL3GSpSvDkTpcMI5PetcCi7clsD9fhRT8oIfhmwvl
LUMiXviXq/DpZgXbHUM8Y7fyNQIjnsS86pf/8KA4VW4j3AllZXY=
=Qdc/
-----END PGP SIGNATURE-----
pgpzBrIWmLuKn.pgp
Description: PGP signature
--- End Message ---
