Your message dated Fri, 25 Mar 2005 17:02:27 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#300516: fixed in mutt 1.5.8-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Mar 2005 09:59:34 +0000
>From [EMAIL PROTECTED] Sun Mar 20 01:59:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ultramega.info [81.169.178.155]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DCxDY-0005Xn-00; Sun, 20 Mar 2005 01:59:33 -0800
Received: from p5497d6ef.dip.t-dialin.net ([84.151.214.239]
helo=base.jerri.home)
by ultramega.info with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DCxD1-0006yj-GO
for [EMAIL PROTECTED]; Sun, 20 Mar 2005 10:58:59 +0100
Received: from gerhard by base.jerri.home with local (Exim 4.50)
id 1DCxD0-0001qu-IW
for [EMAIL PROTECTED]; Sun, 20 Mar 2005 10:58:58 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Gerhard Siegesmund <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: security bug with mutt 1.5.6+20040907i and smime
X-Mailer: reportbug 3.8
Date: Sun, 20 Mar 2005 10:58:58 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: mutt
Version: 1.5.6-20040907+3
Severity: important
Tags: patch
As not a lot of people are using smime at the moment with mutt it seems a
severe security bug, which seems to be fixed in newer version of mutt, has be
ignored:
mutt doesn't forget the passphrase for smime encryption/signing. After once
entering the passphrase, on subsequent prompts for the passphrase you only have
to press return to encrypt/sign with your private smime-key. This renders the
passphrase-forget-timeout useless. It seems, only one line of code has to be
added to the file smime.c to fix this bug (this bug seems to be fixed in newer
versions of mutt):
--- smime.c.orig 2005-03-20 10:45:31.000000000 +0100
+++ smime.c 2005-03-20 10:45:49.000000000 +0100
@@ -102,6 +102,8 @@
/* Use cached copy. */
return 1;
+ smime_void_passphrase ();
+
if (mutt_get_password (_("Enter SMIME passphrase:"), SmimePass, sizeof
(SmimePass)) == 0)
{
SmimeExptime = time (NULL) + SmimeTimeout;
On a sidenote: Just a question: The current version of mutt development is
1.5.9. When will new versions of mutt be available as a debian package. Please,
don't get me wrong! Thanks for all the good work. Just wondering! :)
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-486
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages mutt depends on:
ii exim4 4.50-4 metapackage to ease exim MTA (v4)
ii exim4-daemon-light [mail-tr 4.50-4 lightweight exim MTA (v4) daemon
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libgnutls11 1.0.16-13 GNU TLS library - runtime library
ii libidn11 0.5.13-1.0 GNU libidn library, implementation
ii libncursesw5 5.4-4 Shared libraries for terminal hand
ii libsasl2 2.1.19-1.5 Authentication abstraction library
-- no debconf information
---------------------------------------
Received: (at 300516-close) by bugs.debian.org; 25 Mar 2005 22:09:06 +0000
>From [EMAIL PROTECTED] Fri Mar 25 14:09:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DEwzJ-0003cE-00; Fri, 25 Mar 2005 14:09:05 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DEwst-0000v1-00; Fri, 25 Mar 2005 17:02:27 -0500
From: =?utf-8?q?Adeodato_Sim=C3=B3?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#300516: fixed in mutt 1.5.8-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 25 Mar 2005 17:02:27 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00,DRASTIC_REDUCED,
FROM_ENDS_IN_NUMS,HAS_BUG_NUMBER autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 4
Source: mutt
Source-Version: 1.5.8-1
We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive:
mutt_1.5.8-1.diff.gz
to pool/main/m/mutt/mutt_1.5.8-1.diff.gz
mutt_1.5.8-1.dsc
to pool/main/m/mutt/mutt_1.5.8-1.dsc
mutt_1.5.8-1_i386.deb
to pool/main/m/mutt/mutt_1.5.8-1_i386.deb
mutt_1.5.8.orig.tar.gz
to pool/main/m/mutt/mutt_1.5.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adeodato Simó <[EMAIL PROTECTED]> (supplier of updated mutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 25 Mar 2005 21:55:52 +0100
Source: mutt
Binary: mutt
Architecture: source i386
Version: 1.5.8-1
Distribution: unstable
Urgency: low
Maintainer: [EMAIL PROTECTED]
Changed-By: Adeodato Simó <[EMAIL PROTECTED]>
Description:
mutt - Text-based mailreader supporting MIME, GPG, PGP and threading
Closes: 269699 275060 277665 285574 287744 295528 299060 300516
Changes:
mutt (1.5.8-1) unstable; urgency=low
.
* New upstream release, with a CVS pull to get all the translation updates
that happen right after a release. New features worth mentioning:
+ the PGP auto decode patch by Derek Martin has been accepted upstream,
so inline PGP messages are automatically verified/decrypted now if
$pgp_auto_decode is set. (Closes: #269699)
+ IDN decoding can be disabled by unseting $use_idn (set by default).
+ new hook 'send2-hook', which gets executed each time there is a change
in a message being composed. This permits, for example, to match against
recipients added manually after writing the mail, which wasn't possible
with 'send-hook' alone.
.
* This version also includes the following fixes:
+ message flags are not lost after editing a message. (Closes: #275060)
+ IMAP folder paths ending with the delimiter are trimmed so that they
don't fail to open with some servers, e.g. Courier. (Closes: #277665)
+ the correct charset is used when signing a forwarded message.
(Closes: #295528)
+ correctly forget the S/MIME passphrase. (Closes: #300516)
.
* Explicitly pass --enable-inodesort to ./configure, since upstream has
disabled it by default in this version.
.
* Updated the compressed folders patch to version 1.5.8.
.
* Dropped the adjust_line patch from extra-patches/mutt-ja-compat,
incorporated upstream. Renamed mutt-ja-compat to assumed-charset, since
that's the only patch that remains.
.
* Lots of patches in the Debian package have been applied upstream, drop
them (16 in total). Worth mentioning is the gnutls patch. The
maildir_inode_sort patch has been adopted too, with the static functions
no longer being nested, which closes: #287744 (FTBFS with gcc-4.0).
.
* Implemented a conf.d style directory for mutt: other packages or local
admins may now drop configuration snippets in /etc/Muttrc.d/*.rc and have
them sourced at the end of the default Muttrc. (Closes: #285574)
.
* Updated the header cache patch to version 28. The size of this patch has
been drastically reduced, since the generic code and the IMAP support has
been incorporated upstream.
.
* Updated the compressed folders patch to version 1.5.7.
.
* Dropped the adjust_edited_file patch from extra-patches/mutt-ja-compat,
incorporated upstream.
.
* Use mixmaster-filter by default. (Closes: #299060)
Files:
05b4c20d6a6581d548f00d7a12a41706 758 mail standard mutt_1.5.8-1.dsc
f9de305639cbd9030fa7637d8d1fb438 3007530 mail standard mutt_1.5.8.orig.tar.gz
d085f8667120a8a9954987e3527fd0b5 144241 mail standard mutt_1.5.8-1.diff.gz
e78df94e8d94d1b181145bd722d8eb91 1408792 mail standard mutt_1.5.8-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCRH0HFGfw2OHuP7ERAlw0AJ0Vb/tLPvFCNoTxwZvgHMhr5ClaOwCfVbj9
RF12iEdZZ6dzu+0sdI/8MoA=
=JLQv
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
