Your message dated Sun, 10 Jan 2021 18:03:35 +0000
with message-id <e1kyf3v-0009ce...@fasolo.debian.org>
and subject line Bug#966647: fixed in libetpan 1.9.4-3
has caused the Debian Bug report #966647,
regarding libetpan: CVE-2020-15953
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
966647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966647
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libetpan
Version: 1.9.4-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/dinhvh/libetpan/issues/386
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libetpan.

CVE-2020-15953[0]:
| LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other
| products, has a STARTTLS buffering issue that affects IMAP, SMTP, and
| POP3. When a server sends a "begin TLS" response, the client reads
| additional data (e.g., from a meddler-in-the-middle attacker) and
| evaluates it in a TLS context, aka "response injection."


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15953
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15953
[1] https://github.com/dinhvh/libetpan/issues/386

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
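
The following C code is an added example (not from this thread and not libetpan's upstream patch) of the client-side check the CVE description implies, shown for SMTP: after the server's "220" reply to STARTTLS, any bytes still sitting in the plaintext receive buffer cause the upgrade to be refused. The names rx_buf, rx_fill, rx_take_line and starttls_may_upgrade, and the sample byte strings, are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical plaintext receive buffer of a mail client (not libetpan's types). */
struct rx_buf { char data[512]; size_t len; };

/* Load bytes as if a single read() from the socket had returned them. */
static void rx_fill(struct rx_buf *b, const char *bytes)
{
    b->len = strlen(bytes);
    if (b->len > sizeof b->data) b->len = sizeof b->data;
    memcpy(b->data, bytes, b->len);
}

/* Pop one CRLF-terminated line; return 1 on success, 0 if no full line fits. */
static int rx_take_line(struct rx_buf *b, char *out, size_t outsz)
{
    for (size_t i = 0; i + 1 < b->len; i++) {
        if (b->data[i] == '\r' && b->data[i + 1] == '\n') {
            if (i >= outsz) return 0;
            memcpy(out, b->data, i);
            out[i] = '\0';
            b->len -= i + 2;
            memmove(b->data, b->data + i + 2, b->len);
            return 1;
        }
    }
    return 0;
}

/* Returns 1 if the TLS handshake may start, 0 if the connection must be dropped.
 * Anything still buffered after the "begin TLS" line arrived before encryption
 * and must never be parsed as if it had come through the TLS session. */
int starttls_may_upgrade(const char *wire_bytes)
{
    struct rx_buf b;
    char line[128];
    rx_fill(&b, wire_bytes);
    if (!rx_take_line(&b, line, sizeof line)) return 0;
    if (strncmp(line, "220 ", 4) != 0) return 0;  /* SMTP "ready to start TLS" */
    return b.len == 0;                            /* leftover plaintext: refuse */
}

int main(void)
{
    /* Constructed inputs: a clean reply, then a reply with trailing bytes. */
    printf("%d\n", starttls_may_upgrade("220 Ready to start TLS\r\n"));
    printf("%d\n", starttls_may_upgrade("220 Ready to start TLS\r\n250 extra\r\n"));
    return 0;
}
```

The same rule applies to the IMAP and POP3 "begin TLS" responses named in the CVE text; only the expected status line differs.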
--- Begin Message ---
Source: libetpan
Source-Version: 1.9.4-3
Done: Ricardo Mones <mo...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libetpan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 966...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ricardo Mones <mo...@debian.org> (supplier of updated libetpan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Jan 2021 18:39:40 +0100
Source: libetpan
Architecture: source
Version: 1.9.4-3
Distribution: unstable
Urgency: medium
Maintainer: Ricardo Mones <mo...@debian.org>
Changed-By: Ricardo Mones <mo...@debian.org>
Closes: 966647
Changes:
 libetpan (1.9.4-3) unstable; urgency=medium
 .
   * Patch from upstream commits fixing CVE-2020-15953 (Closes: #966647)
   * Standards-Version: update to 4.5.1 with no other changes
   * Remove dh_strip override: dbgsym already in stable
   * Raise compat level to 13 and simplify rules
   * Rules-Requires-Root: add field
   * Add patch fixing encoding in some header files
   * Add upstream metadata file
   * Annotate files not installed


--- End Message ---
