** Summary changed: - MIR fallout: libesmtp does not check NULL bytes in commonNames of certificates (variant of CVE-2009-2408) + [MIR] libesmtp
** Description changed: 1. Availability: amd64, armel, i386, ia64, powerpc, sparc 2. Rationale: The package helps meet - https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-cluster- - stack blueprint goal. Needed binary packages are libesmtp5 and libesmtp- - dev. + https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick- + clusterstack blueprint goal. Needed binary packages are libesmtp5 and + libesmtp-dev. - 3. Security: 1 old CVE: CVE-2002-1090 + 3. Security: No CVEs. + Recent fix of "not check NULL bytes in commonNames of certificates" was issued in debian and already syncing into Ubuntu. 4. QA: 1 openssl/gnutls related bug in Debian, no bugs in Ubuntu. Upstream's last release was in 2005. URL: http://www.stafford.uklinux.net/libesmtp/ 5. UI standards: none 6. Dependencies: all in main 7. Standards: no lintian warnings. Package is packaged with debhelper and uses custom developed patch system. 8. Maintenance: simple package, syncs should be enough (there were no Ubuntu changes in package history) 9. Background information: this package is one of dependencies for new cluster stack in Ubuntu. ** Changed in: libesmtp (Ubuntu) Status: Incomplete => New ** Changed in: libesmtp (Ubuntu) Importance: Undecided => Wishlist -- [MIR] libesmtp https://bugs.launchpad.net/bugs/515996 You received this bug notification because you are a member of Ubuntu High Availability Team, which is a direct subscriber. Status in “libesmtp” package in Ubuntu: New Status in “libesmtp” package in Debian: Fix Released Bug description: 1. Availability: amd64, armel, i386, ia64, powerpc, sparc 2. Rationale: The package helps meet https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick-clusterstack blueprint goal. Needed binary packages are libesmtp5 and libesmtp-dev. 3. Security: No CVEs. Recent fix of "not check NULL bytes in commonNames of certificates" was issued in debian and already syncing into Ubuntu. 4. QA: 1 openssl/gnutls related bug in Debian, no bugs in Ubuntu. Upstream's last release was in 2005. URL: http://www.stafford.uklinux.net/libesmtp/ 5. UI standards: none 6. Dependencies: all in main 7. Standards: no lintian warnings. Package is packaged with debhelper and uses custom developed patch system. 8. Maintenance: simple package, syncs should be enough (there were no Ubuntu changes in package history) 9. Background information: this package is one of dependencies for new cluster stack in Ubuntu. _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-ha Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
