Your message dated Wed, 17 Dec 2014 16:19:23 +0100
with message-id <20141217151923.ga19...@home.ouaza.com>
and subject line Re: Bug#773322: security-tracker: DSA-3104-1 vs. tracker
has caused the Debian Bug report #773322,
regarding security-tracker: DSA-3104-1 vs. tracker
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
773322: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773322
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: normal
Hello!
DSA-3104-1 [1] states, in part:
| An older security vulnerability, CVE-2004-2771, had already
| been addressed in the Debian's bsd-mailx package.
However, the tracker [2] seems to disagree, as it claims that
all versions of bsd-mailx in Debian are currently vulnerable...
I think the problem is an extra epoch in the (unstable) fixed
version for bsd-mailx: this time the epoch is in the tracker data,
but not in the actual package versions (contrary to the usual
missing epoch issues that I frequently spot!).
Please fix the tracker data.
Thanks for your time!
[1] https://lists.debian.org/debian-security-announce/2014/msg00294.html
[2] https://security-tracker.debian.org/tracker/CVE-2004-2771
--- End Message ---
--- Begin Message ---
Hi,
On Tue, 16 Dec 2014, Francesco Poli (wintermute) wrote:
> | An older security vulnerability, CVE-2004-2771, had already
> | been addressed in the Debian's bsd-mailx package.
>
> However, the tracker [2] seems to disagree, as it claims that
> all versions of bsd-mailx in Debian are currently vulnerable...
> I think the problem is an extra epoch in the (unstable) fixed
> version for bsd-mailx: this time the epoch is in the tracker data,
> but not in the actual package versions (contrary to the usual
> missing epoch issues that I frequently spot!).
That's right. The bug has been fixed in mailx 1:8.1.2-0.20040524cvs-2
but when the source package has been renamed to bsd-mailx, the epoch has
been dropped so we should drop it too in the fixed version in the CVE
tracker.
Fix committed.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
--- End Message ---
