Your message dated Wed, 16 Dec 2015 13:49:16 +0000
with message-id <[email protected]>
and subject line Bug#804457: fixed in imapfilter 1:2.6.4-1
has caused the Debian Bug report #804457,
regarding imapfilter: Uses SSLv3 method
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
804457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804457
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imapfilter
Version: 1:2.6.2-1
Severity: serious
Control: block 797926 by -1

Hi,

In imapfilter.c you set things up like this:
        ssl3ctx = SSL_CTX_new(SSLv3_client_method());
        ssl23ctx = SSL_CTX_new(SSLv23_client_method());
        tls1ctx = SSL_CTX_new(TLSv1_client_method());
#if OPENSSL_VERSION_NUMBER >= 0x01000100fL
        tls11ctx = SSL_CTX_new(TLSv1_1_client_method());
        tls12ctx = SSL_CTX_new(TLSv1_2_client_method());
#endif


And then in socket.c you have things like:
        if (!ssn->sslproto) {
                ctx = ssl23ctx;
        } else if (!strcasecmp(ssn->sslproto, "ssl3")) {
                ctx = ssl3ctx;
        } else if (!strcasecmp(ssn->sslproto, "tls1")) {
                ctx = tls1ctx;
        } else if (!strcasecmp(ssn->sslproto, "tls1.1")) {
#if OPENSSL_VERSION_NUMBER >= 0x01000100fL
                ctx = tls11ctx;
#else
                ctx = tls1ctx;
#endif
        } else if (!strcasecmp(ssn->sslproto, "tls1.2")) {
#if OPENSSL_VERSION_NUMBER >= 0x01000100fL
                ctx = tls12ctx;
#else
                ctx = tls1ctx;
#endif
        } else {
                ctx = ssl23ctx;
        }


I have just removed the SSLv3_* methods in unstable.  You could
use OPENSSL_NO_SSL3 to remove the code making use of the SSLv3_*
methods.  But I suggest you get rid of all of this and just use
the SSLv23_* method.

The SSLv23_* methods are the only ones that support multiple
versions.  The plan is for all the others to go away because they
only support 1 version.

If you want to support selecting versions I suggest you use
SSL_set_options() with things like SSL_OP_NO_SSLv3.


Kurt

--- End Message ---
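
Added example (not part of the bug report and not imapfilter's code): the old "sslproto" setting mapped onto SSL_OP_NO_* bits for a single SSLv23_client_method() context, as the report suggests. The names proto_to_options and version_enabled are hypothetical, and refusing "ssl3" outright is this example's assumption. With OpenSSL, the mask would be passed to SSL_set_options() on each connection.

```c
/* Added example, not imapfilter's code. Refusing "ssl3" is an assumption. */
#include <stdio.h>
#include <strings.h>
#if __has_include(<openssl/ssl.h>)
#include <openssl/ssl.h>
#endif
#ifndef SSL_OP_NO_SSLv3   /* no OpenSSL headers: same bit values as ssl.h */
#define SSL_OP_NO_SSLv3   0x02000000UL
#define SSL_OP_NO_TLSv1   0x04000000UL
#define SSL_OP_NO_TLSv1_2 0x08000000UL
#define SSL_OP_NO_TLSv1_1 0x10000000UL
#endif
static const struct { const char *name; unsigned long off; } versions[] = {
    { "ssl3", SSL_OP_NO_SSLv3 }, { "tls1", SSL_OP_NO_TLSv1 },
    { "tls1.1", SSL_OP_NO_TLSv1_1 }, { "tls1.2", SSL_OP_NO_TLSv1_2 } };
#define NVERSIONS (sizeof versions / sizeof versions[0])
/* Fill *mask for SSL_set_options(): SSLv3 always off; naming a TLS version
 * turns the others off. Returns -1 for "ssl3", 0 otherwise. */
int proto_to_options(const char *sslproto, unsigned long *mask)
{
    size_t hit = NVERSIONS;
    *mask = SSL_OP_NO_SSLv3;
    for (size_t i = 0; sslproto && i < NVERSIONS; i++)
        if (!strcasecmp(sslproto, versions[i].name)) hit = i;
    if (hit == NVERSIONS) return 0;  /* unset/unknown: negotiate, as ssl23ctx did */
    if (hit == 0) return -1;         /* "ssl3": caller should fail the session */
    for (size_t i = 0; i < NVERSIONS; i++)
        if (i != hit) *mask |= versions[i].off;
    return 0;
}

/* 1 if the named version can still be negotiated under mask, else 0. */
int version_enabled(unsigned long mask, const char *name)
{
    for (size_t i = 0; i < NVERSIONS; i++)
        if (!strcasecmp(name, versions[i].name)) return !(mask & versions[i].off);
    return 0;
}

int main(void)
{
    const char *cfg[] = { "", "ssl3", "tls1", "TLS1.2" };   /* "" = not set */
    for (size_t i = 0; i < 4; i++) {
        unsigned long m;
        int rc = proto_to_options(cfg[i], &m);
        printf("%-6s rc=%2d mask=0x%08lx tls1.2=%d\n", cfg[i], rc, m,
               version_enabled(m, "tls1.2"));
    }
    return 0;
}
```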
--- Begin Message ---
Source: imapfilter
Source-Version: 1:2.6.4-1

We believe that the bug you reported is fixed in the latest version of
imapfilter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru <[email protected]> (supplier of updated imapfilter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 16 Dec 2015 14:09:22 +0100
Source: imapfilter
Binary: imapfilter
Architecture: source amd64
Version: 1:2.6.4-1
Distribution: unstable
Urgency: medium
Maintainer: Francesco Paolo Lovergine <[email protected]>
Changed-By: Sylvestre Ledru <[email protected]>
Description:
 imapfilter - filter mail in your IMAP account
Closes: 804457
Changes:
 imapfilter (1:2.6.4-1) unstable; urgency=medium
 .
   * New upstream release
   * Remove the usage of SSLv3. Thanks to Andy Whitcroft for the patch
     (Closes: #804457)

--- End Message ---
