Bug#864800: marked as done (Mail::DeliveryStatus::BounceParser contains a live virus and some real spam/phishing mails)

[Debian Bug Tracking System]

Your message dated Fri, 02 Nov 2018 22:02:09 +0000
with message-id <e1gihw5-000fg5...@fasolo.debian.org>
and subject line Bug#864800: fixed in libmail-deliverystatus-bounceparser-perl 
1.542+repacked-1~deb9u1
has caused the Debian Bug report #864800,
regarding Mail::DeliveryStatus::BounceParser contains a live virus and some 
real spam/phishing mails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864800
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libmail-deliverystatus-bounceparser-perl
Version: 1.531-1
Severity: serious
X-Debbugs-CC: Ricardo Signes <r...@cpan.org>
Control: forwarded -1 Ricardo Signes <r...@cpan.org>
Control: found -1 1.536-1
Control: found -1 1.542-1
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team

The Mail::DeliveryStatus::BounceParser source contains a live virus and
some real spam/phishing mails. This is leading to Netcraft and other
virus detection systems on the Internet reporting Debian mirrors as
malicious, which potentially reduces the reputation of debian.org on
various anti-spam and anti-malware services. Please fix this in
upstream git, with a new release on CPAN and in all Debian suites.

https://incident.netcraft.com/w/b0d11ab53944/
https://incident.netcraft.com/w/ffb6f95e5301/

To fix this you will need to strip the account-password.zip attachment
from t/corpus/virus-caused-multiple-weird-reports.msg and if possible
strip the phishing/spam content from the other files, while ensuring
that the tests still pass despite changes to the corpus but that the
new files in the corpus do not trip any anti-virus checkers:

https://www.virustotal.com/

$ clamdscan --fdpass --infected | sed "s|`pwd`/||"
t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331 FOUND
t/corpus/spam-with-badly-parsed-email.msg: 
Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND
t/corpus/spam-lots-of-bogus-addresses.msg: Sanesecurity.Spam.8684.UNOFFICIAL 
FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
Time: 0.087 sec (0 m 0 s)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

signature.asc
Description: This is a digitally signed message part

--- End Message ---

--- Begin Message ---

Source: libmail-deliverystatus-bounceparser-perl
Source-Version: 1.542+repacked-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
libmail-deliverystatus-bounceparser-perl, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated 
libmail-deliverystatus-bounceparser-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Oct 2018 06:57:36 +0200
Source: libmail-deliverystatus-bounceparser-perl
Binary: libmail-deliverystatus-bounceparser-perl
Architecture: source all
Version: 1.542+repacked-1~deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Description:
 libmail-deliverystatus-bounceparser-perl - module for analyzing bounce messages
Closes: 864800
Changes:
 libmail-deliverystatus-bounceparser-perl (1.542+repacked-1~deb9u1) stretch; 
urgency=medium
 .
   * Team upload
   * Repack excluding viruses found by uscan (Closes: #864800)
Checksums-Sha1:
 605b58219ffcb0e7740adffb4e81c1a85e3e117d 2611 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.dsc
 51a846124bd138510f11c05b493625c100db7f57 134689 
libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz
 82429dbc1e3605938f4eb54d5e215ace1b2212cc 2952 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.debian.tar.xz
 adb2aced2e8c8306d60f661d8379102c39f06036 24790 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_all.deb
 743cb118d4b7bc83df2893acd6496432f3e379ee 6493 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_amd64.buildinfo
Checksums-Sha256:
 a78387376fef70a82a80fb679caee20e8ac143a03f89218642ee0e1eca202297 2611 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.dsc
 d24c5032ca6caf9fdd42b93747280e02f8bb2b212b9be32e54e2e6d2d2fb2b90 134689 
libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz
 06b531967f51f4fcee384e3c505e666f481da63d786a22ca0680eb408a27bca8 2952 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.debian.tar.xz
 6028dd9d7c7eceda1eebb24915dda5dc58dd0d3f378f8e6841b1c464f798b0bf 24790 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_all.deb
 183db37d9b8ad2f9a22219e0f429426d18800a6a67f80dad7174cc53ad06d79a 6493 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_amd64.buildinfo
Files:
 7114fefde38e16a5d871a3343dc49af3 2611 perl optional 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.dsc
 cda9de7ffe9c3fde0b558c3bf1c2354a 134689 perl optional 
libmail-deliverystatus-bounceparser-perl_1.542+repacked.orig.tar.gz
 ba0030aa45b5bf7f4ff2fa5b6e0edc07 2952 perl optional 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1.debian.tar.xz
 93fc2b15be2b32e3cd621c2df02e367b 24790 perl optional 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_all.deb
 43b7bc8c1c9e5415a9bf91c567c0ae14 6493 perl optional 
libmail-deliverystatus-bounceparser-perl_1.542+repacked-1~deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAlvbdSYQHHlhZGRAZGVi
aWFuLm9yZwAKCRD210ynyZnu6ad6D/0X1Fvuew6CwGLfwxW2xczTO7cRJDMTvM7M
djJtg6PVq5/nmY45xViIkcYcdbEs47i3mZyOMii+qd6t1xPuMXxqlyqjofHJKWMV
Vgf5/CUmaE8s5+4rgMGGVaVJdbOMVzl9C4vB0/gV+tScdqTDxsWYlR/rymt7Gko+
PF1JwJI1ie4WITP/49B0pKwp7jJ66nbbaYW8TqTkbS9HTjP4vE9++n3pW51An1TK
qzU/EtojeI0+NQm051rYRxZ4jH6QI+jD2RbCCP/XGs465PiaUEds8+rIopeBCOcx
yjx80MnUAgJib79lODhKmOGayni7udWGIX/fNWI+D0h4aEK5lGThLff/AZpQXuYz
dj2VHL0NNCY7zNmiuYJhacZ1D7M0PbBF0kPfCjsCIS5pXZkXHKJVinwa9Q0faitp
HDnwWIH+whMrqm+jVLqKMZ7v6uuMQmIosOu46D1zGjqNIK5R+2Rwh9VtKI84YY6v
oHX8kTCkmavlPanvjZ37UAlDOeHKSv1BG+7ePcN1rYNpNS1oq4F+kJjb9tcMVHAa
1RnIT7nb1u1ztqXnu2SXz4EovdVulocuwAk2IqLX0LYHhTsYf1KPmgCMc6mWB5vR
ei23+43WcJ5mLUxxTaacNivCiJ+jvN6j2zM+Fu5zBlp2bC4HpgsfqfkyDOiC9EeL
jkUwNqgfVA==
=fv5U
-----END PGP SIGNATURE-----

--- End Message ---