Your message dated Mon, 14 Nov 2011 11:21:05 +0000
with message-id <[email protected]>
and subject line Re: Bug#645327: CVE-2011-3481: Denial of service
has caused the Debian Bug report #645327,
regarding CVE-2011-3481: Denial of service
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
645327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645327
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cyrus-imapd-2.2
Severity: grave
Tags: security
Hi,
please see for details and a patch:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3481
http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463
This is already fixed in Cyrus 2.4. BTW, you said that only Cyrus 2.2 will be
shipped with
Wheezy. Maybe Cyrus 2.2 should be removed from sid rather sooner than later,
then?
Cheers,
Moritz
-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs44-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
Package: cyrus-imapd-2.2
Version: 2.4.12-1
On Fri, Oct 14, 2011 at 04:26:25PM +0200, Ondřej Surý wrote:
> I am quite confused by our archive, because all cyrus-imapd-2.2
> packages were replaced by transitional packages built from
> cyrus-imapd-2.4, so there is no real -2.2 package in the unstable
> right now.
>
> I filled a RM bug to fix the leftovers:
>
> ondrej@ries:~$ dak rm -n cyrus-imapd-2.2
> Working... done.
> Will remove the following packages from unstable:
>
> cyrus-admin-2.2 | 2.2.13p1-15 | all
> cyrus-doc-2.2 | 2.2.13p1-15 | all
> cyrus-imapd-2.2 | 2.2.13p1-15 | source
This seems to have been done. However, the versions of cyrus-imapd-2.4
that start to deliver these transitional packages were held out of
testing because this bug remained open. I think what happened is that
the BTS processed your mail to 645327-done@ with a Version:
pseudo-header marking the bug as fixed, but then processed the CC to
submit@ and interpreted the same pseudo-header as indicating that the
bug was found in that same version; hence the rather confusing message
found at http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;bug=645327.
This mail, which is *not* CCed to submit@ or 645327@ but only sent to
645327-done@, should close the bug properly, allowing cyrus-imapd-2.4 to
propagate to testing.
Cheers,
--
Colin Watson [[email protected]]
--- End Message ---
_______________________________________________
Pkg-Cyrus-imapd-Debian-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel
