Your message dated Thu, 28 Nov 2013 22:17:24 +0000 with message-id <e1vm9tk-0001dg...@franck.debian.org> and subject line Bug#728232: fixed in sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 has caused the Debian Bug report #728232, regarding sup-mail: CVE-2013-4478 and CVE-2013-4479 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 728232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728232 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: sup-mail Severity: grave Tags: security upstream patch fixed-upstream Hi A remote command injection in sup-mail was reported, see [0] and [1] for more details. Upstream also released new versions fixing this issue, see [3] for the diff between 0.13.2 and 0.13.2.1. [0] http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html [1] http://seclists.org/fulldisclosure/2013/Oct/272 [2] http://article.gmane.org/gmane.comp.security.oss.general/11389 [3] https://github.com/sup-heliotrope/sup/compare/release-0.13.2...release-0.13.2.1 (A CVE was requested, in case it get assigned before of releasing a fix, please include the CVE in your changelog). Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: sup-mail Source-Version: 0.12.1+git20120407.aaa852f-1+deb7u1 We believe that the bug you reported is fixed in the latest version of sup-mail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 728...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Per Andersson <avtob...@gmail.com> (supplier of updated sup-mail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Nov 2013 15:16:09 +0100 Source: sup-mail Binary: sup-mail Architecture: source all Version: 0.12.1+git20120407.aaa852f-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org> Changed-By: Per Andersson <avtob...@gmail.com> Description: sup-mail - thread-centric mailer with tagging and fast search Closes: 728232 Changes: sup-mail (0.12.1+git20120407.aaa852f-1+deb7u1) wheezy-security; urgency=high . * Fix remote code injection when viewing attachments, CVE-2013-4478 and CVE-2013-4479 (Closes: #728232) Checksums-Sha1: 4e4868401b7ab0912e39c612c1b2c47c1a5b2ff1 2361 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.dsc f0d1db3c895dbb2981e6f6e3a80cca1bffb4a5e4 461958 sup-mail_0.12.1+git20120407.aaa852f.orig.tar.gz d1b510d19d03e6e320d08fa6b7a40ea3f7a25023 18371 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.debian.tar.gz 44307aa9d864b5448894ae143e76c99995d88aa4 163432 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1_all.deb Checksums-Sha256: acb258fc3103e1e0069e9a8c1d9a6d96963c8d18e1d91af891171ac045150017 2361 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.dsc c9f2c8327d0e8dd28058f148c663a62d7eda72f06c56e4dda128fca847b8327f 461958 sup-mail_0.12.1+git20120407.aaa852f.orig.tar.gz b5e84f02e4cc26e6f530627c5ec3732536bbdae0240af2fe0c5ca19b4b89387f 18371 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.debian.tar.gz 1b85fcf33ffeb2cda38ff7cfb356484f0c54ec4e01e99e60bb401e280040c74e 163432 sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1_all.deb Files: 714e8db92d009a22d4745cdd9628fcbd 2361 mail optional sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.dsc 1d4af91a34d208708e78eca46eed971b 461958 mail optional sup-mail_0.12.1+git20120407.aaa852f.orig.tar.gz 4fdc612b0351a46a7452c81bc6a7878a 18371 mail optional sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1.debian.tar.gz 26312453026bdc11082f07a4f68aef3d 163432 mail optional sup-mail_0.12.1+git20120407.aaa852f-1+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSkmCnAAoJELGIrlV59JL4KgQP/RDdtd7vT+Ws6PlQD9eFoRot 02pJHAQZ0PLixfk5du9A4HHLzwgvt7pX6kSJOBwMPNz2WwktfcPFFSL9y2pSvlkr ffhLMXOWVcb3KQviPrPy0xwP++/9ZaFT1F96wL+1R87IqdXZMTUtXNyWOEvNfSvr Fy14RWdOgHDv8fjQkaXtyYhEF7/lyOjpedarV+/lj5dbE3oEctF0N0JaBtpqb6/8 PXViLo+Fp7yirbvb0P/3x/SiHTEIatcMJpX/CR3REZGbFc0YxGJGZZXK4UBsFmj5 21TJomjyWXJ4ZyFPAYiIJHusGkQ4b5Mm+aMADRhrDLNn0Jg+keZztNh+eC/CC95P u4nIEft1ByrAPzfzlxqdeFNsU7wLHvqKAXAcFxLcFY+HYyn9ptiYnpXujlG9DppO /ljRw6efYQPsavSrdn1vu1/U40Qi0lEH0YIrbjYxkhxh+iSpxE9jWjN6CusmDeMh yI02CR/YvcbsQyIhvvueoZXvh2oM+izdtbzvl/RJEBHVY48kZkryPD/EapGZJQ1a 3AeuI5sdaeF06r71SsMpqqdn8wvEmyfSoe6S3IX6aH8Qr4VZ+GJLDcwYxAXRudQA pBs0P7gSfQjc/DYbq0N5SoNpL8gNdvlSKMVjBpNLMTXWlKa4Es+k6KRmwUsuklzL fMmXgdZbHb50WH5rEfCZ =DNT5 -----END PGP SIGNATURE-----
--- End Message ---
