Your message dated Tue, 30 May 2017 23:18:52 +0000
with message-id <[email protected]>
and subject line Bug#862151: fixed in libetpan 1.6-3
has caused the Debian Bug report #862151,
regarding libetpan: CVE-2017-8825
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
862151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862151
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libetpan
Version: 1.6-2
Severity: important
Tags: upstream patch security
Forwarded: https://github.com/dinhviethoa/libetpan/issues/274
Hi,
the following vulnerability was published for libetpan.
CVE-2017-8825[0]:
| A null dereference vulnerability has been found in the MIME handling
| component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A
| crash can occur in low-level/imf/mailimf.c during a failed parse of a
| Cc header containing multiple e-mail addresses.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8825
[1] https://github.com/dinhviethoa/libetpan/issues/274
[2]
https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libetpan
Source-Version: 1.6-3
We believe that the bug you reported is fixed in the latest version of
libetpan, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ricardo Mones <[email protected]> (supplier of updated libetpan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 30 May 2017 10:16:19 +0200
Source: libetpan
Binary: libetpan17 libetpan-dev libetpan-doc libetpan-dbg
Architecture: source amd64 all
Version: 1.6-3
Distribution: unstable
Urgency: high
Maintainer: Ricardo Mones <[email protected]>
Changed-By: Ricardo Mones <[email protected]>
Description:
libetpan-dbg - debugging symbols for libetpan
libetpan-dev - mail handling library - development files
libetpan-doc - mail handling library - API documentation
libetpan17 - mail handling library
Closes: 862151
Changes:
libetpan (1.6-3) unstable; urgency=high
.
* patches/fix-CVE-2017-8825.diff, patches/series
- Add upstream patch to fix CVE-2017-8825 (Closes: #862151)
* control
- Homepage: point to library's own page
Checksums-Sha1:
7e517da63e015ac986978fdce04dfa46158ac3e7 2230 libetpan_1.6-3.dsc
ed7dd13873f3dd827d4e3110d3d2b36362414d34 21916 libetpan_1.6-3.debian.tar.xz
0c4ce0a1fbe6e7d6de0bed17de6b330487d0de47 1178536 libetpan-dbg_1.6-3_amd64.deb
e3825b560238aa375a3eed807fac7927feefcfb8 388402 libetpan-dev_1.6-3_amd64.deb
143d97768d67c465ad014f2f36abc949b03a7356 103996 libetpan-doc_1.6-3_all.deb
db61facb45affab0682e21e468b1a6b2479cdbdf 305474 libetpan17_1.6-3_amd64.deb
184606e8d0bc6062b7f3bd2becb2d1af440f244a 7670 libetpan_1.6-3_amd64.buildinfo
Checksums-Sha256:
c6e05a58f890235d691db36adf1d7bc805ab34a452ef56d55aa9bab131524f72 2230
libetpan_1.6-3.dsc
6c3d0b28f0c314201562522fba62e287c11b61b0a49e242d3b91c53e19cc894f 21916
libetpan_1.6-3.debian.tar.xz
3e87ceff542d3b45cfd463799900ca00bd717a291db83a68ecbed85feb41b163 1178536
libetpan-dbg_1.6-3_amd64.deb
8a0e54709a74f4b92cd7932d48beb9426cd73e66fd25f82615c8dca02c76f257 388402
libetpan-dev_1.6-3_amd64.deb
b362f5ed0edb6c9cb11b88d46c09971a2fd227afba3ad47ee14d4f48bd06b4e1 103996
libetpan-doc_1.6-3_all.deb
436201d08cbc46f2519b3cc0368370071c83bcf9814b0321cef9c69fd622d966 305474
libetpan17_1.6-3_amd64.deb
7010a0a1b58d594e28868b99a364ee61a035b16ec4c5ade6955a7cd3817517b3 7670
libetpan_1.6-3_amd64.buildinfo
Files:
5780f097980f1a05b016ffcfa3ed0ed4 2230 mail optional libetpan_1.6-3.dsc
5d1c416e70f0215e51ae83998d8d084e 21916 mail optional
libetpan_1.6-3.debian.tar.xz
43ed794676e08769cbfdf3d8bf9b601e 1178536 debug extra
libetpan-dbg_1.6-3_amd64.deb
ee7e9583deacdc528970f8429b546213 388402 libdevel extra
libetpan-dev_1.6-3_amd64.deb
52ca503fd88d51d640574833195893d9 103996 doc optional libetpan-doc_1.6-3_all.deb
518b07c76e823cd4fa75c405843d5d4a 305474 libs optional
libetpan17_1.6-3_amd64.deb
32aa7fd44e8234c8de6efcfee33f0eff 7670 mail optional
libetpan_1.6-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEQ7w2SxbfDCBevXWSHw8KiN5bzKYFAlktQuEACgkQHw8KiN5b
zKZisQ/9GrYO8MLAV53m+vlENU3hhFI2Kd1V7r5UvyKI5Cl8J9NpnVqkFJ84VUXo
ffEMFC61E/W1l5kQ20KCkdw+PG6rLFtsrtPnIuB+GLxRm1w/xDeT5gn400RNptpU
I6e2FP+y/rW5prvmqDyx4sGuFcnL+N/A4vxLZdmfPF5wrgWp0POyuN3tSeIgEiPY
6KwQN/0dL38ZS4otB8maOHlKPwYgsoEu5ND9XH/aaDcj/ps8YuTFdLKEjKzRl5oM
MRMCgIAcfZM6UkRJps/JSGSE3tnUdRPegnK/7LzfRjy8iNPPIxaI/kBCrzv3Exyc
jBXEVd//MKtZEiIexZHMEJ1JMKAejZiKOqhoFJePrqvImNKzTBb3JZHDvT+c+Ooy
393VXpCZMy77rZEpFM0K/QcqYTFc3338JgCsOBxg+mtyiM400RkUvPvPnCriej2v
ekByeXYTHDP6f7zgIJRq8DVdXAESYIcgWs16FQsRvs9+YAPOlRN9iJdR3SvIj+CO
nrvZ6barP43KTIBC74Nfs9GtFyZZk2eBYjMm8Qjq3ICF2eGTLRmH7AsCqhct/gDn
VmC/GkWBjiQUp/RN1Gk+p8TBpfM1FOrwvl7sHBge44PMsqXfGHiUSmri6aHlLVZ/
3sYgh7qXpOnYcBM/r8EHBdIh4GP5iXFebrARORNxJuagyO5aZ64=
=LvPy
-----END PGP SIGNATURE-----
--- End Message ---
