Your message dated Mon, 19 Dec 2011 20:04:43 +0000
with message-id <[email protected]>
and subject line Bug#619216: fixed in mutt 1.5.20-9+squeeze2
has caused the Debian Bug report #619216,
regarding mutt: incorrect validation of remote SSL commonname
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
619216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619216
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mutt
Version: 1.5.20-9+squeeze1
Severity: grave
Tags: security
Justification: user security hole
The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c, appears
to not validate the common name of a remote server correctly. The openssl
implementation found in mutt_ssl.c does perform this check correctly.
Can the mutt package be rebuilt against openssl and not gnutls?
This bug is reported upstream at http://dev.mutt.org/trac/ticket/3506.
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38 (SMP w/128 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- no debconf information
--- End Message ---
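The report above concerns checking the server's name against its certificate, which is a separate step from verifying the certificate chain. The following is an added example, not code from mutt, GnuTLS or the patch referenced in this thread; the function names, the verdict codes and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Compare one name from the certificate (CN or dNSName) with the host the
 * user asked to connect to. Case-insensitive; a leading "*." stands for
 * exactly one left-most label. */
static int name_matches_host(const char *name, const char *host)
{
    if (!name || !host || !*name || !*host)
        return 0;
    if (strncmp(name, "*.", 2) != 0)
        return strcasecmp(name, host) == 0;

    const char *suffix = name + 1;        /* ".example.org" */
    const char *dot = strchr(host, '.');  /* end of the host's first label */
    if (!dot || dot == host)
        return 0;                         /* wildcard needs a non-empty label */
    if (!strchr(suffix + 1, '.'))
        return 0;                         /* refuse names such as "*.org" */
    return strcasecmp(dot, suffix) == 0;
}

enum verdict { CERT_OK, CERT_UNTRUSTED, CERT_WRONG_HOST };

/* chain_trusted: outcome of the TLS library's chain verification (assumed
 * input). names: names already extracted from the peer certificate. */
enum verdict check_peer(int chain_trusted, const char *const names[],
                        size_t n, const char *host)
{
    if (!chain_trusted)
        return CERT_UNTRUSTED;
    for (size_t i = 0; i < n; i++)
        if (name_matches_host(names[i], host))
            return CERT_OK;
    return CERT_WRONG_HOST;  /* valid chain, but issued for another host */
}

/* Constructed sample: names on a certificate for example.org mail hosts. */
static const char *const sample_names[] = { "mail.example.org", "*.example.org" };

int main(void)
{
    printf("imap.example.org -> %d\n", check_peer(1, sample_names, 2, "imap.example.org"));
    printf("imap.example.net -> %d\n", check_peer(1, sample_names, 2, "imap.example.net"));
    return 0;
}
```

A client that stops after the chain check accepts any certificate signed by a trusted CA, whichever host it was issued for; the CERT_WRONG_HOST branch is the part that prevents that.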
--- Begin Message ---
Source: mutt
Source-Version: 1.5.20-9+squeeze2
We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive:
mutt-dbg_1.5.20-9+squeeze2_amd64.deb
to main/m/mutt/mutt-dbg_1.5.20-9+squeeze2_amd64.deb
mutt-patched_1.5.20-9+squeeze2_amd64.deb
to main/m/mutt/mutt-patched_1.5.20-9+squeeze2_amd64.deb
mutt_1.5.20-9+squeeze2.diff.gz
to main/m/mutt/mutt_1.5.20-9+squeeze2.diff.gz
mutt_1.5.20-9+squeeze2.dsc
to main/m/mutt/mutt_1.5.20-9+squeeze2.dsc
mutt_1.5.20-9+squeeze2_amd64.deb
to main/m/mutt/mutt_1.5.20-9+squeeze2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated mutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 14 Dec 2011 20:55:08 +0000
Source: mutt
Binary: mutt mutt-patched mutt-dbg
Architecture: source amd64
Version: 1.5.20-9+squeeze2
Distribution: stable
Urgency: low
Maintainer: Antonio Radici <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description:
mutt - text-based mailreader supporting MIME, GPG, PGP and threading
mutt-dbg - debugging symbols for mutt
mutt-patched - the Mutt Mail User Agent with extra patches
Closes: 619216
Changes:
mutt (1.5.20-9+squeeze2) stable; urgency=low
.
* Non-maintainer upload.
* 619216-gnutls-CN-validation.patch: backport from unstable
Fixes the validation of the commonname in the gnutls code
(Closes: #619216)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---