Bug#701586: marked as done (git: CVE-2013-0308: Incorrect IMAP server's SSL x509.v3 certificate validation)

Sun, 24 Feb 2013 16:24:17 -0800 

Your message dated Sun, 24 Feb 2013 16:21:12 -0800
with message-id <[email protected]>
and subject line Re: git: CVE-2013-0308: Incorrect IMAP server's SSL x509.v3 
certificate validation
has caused the Debian Bug report #701586,
regarding git: CVE-2013-0308: Incorrect IMAP server's SSL x509.v3 certificate 
validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
701586: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: git
Version: 1:1.7.10.4-2
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for git.

CVE-2013-0308[0,1]:
Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send 
command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream commit is [1] (not checked if complete).

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0308
[1] http://marc.info/?l=git&m=136134619013145&w=2
[2] 
https://github.com/gitster/git/commit/0ee7198f457c8ea031b09b528cfd88f0f0e630d8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
notfound 701586 git/1:1.7.10.4-2
notfound 701586 git/1:1.7.2.5-3
notfound 701586 git/1:1.7.10.4-1+wheezy1
quit

Hi Salvatore,

Salvatore Bonaccorso wrote:

> CVE-2013-0308[0,1]:
> Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send 
> command

git imap-send in Debian does not actually support SSL at all yet
(which is even worse, but expected), so there's nothing to do.
Therefore closing.  See <http://bugs.debian.org/434599>.

Please don't hesitate to reopen if I've made a mistake, though.

Thanks for reporting,
Jonathan

--- End Message ---

Reply via email to