Debian Bug report logs -
#811048
claws-mail: CVE-2015-8708: Incomplete fix for CVE-2015-8614
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 15 Jan 2016 07:33:10 UTC
Severity: important
Tags: patch, security, upstream
Found in version claws-mail/3.13.1-1
Fixed in version claws-mail/3.13.1-1.1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ricardo Mones <mones@debian.org>
:
Bug#811048
; Package src:claws-mail
.
(Fri, 15 Jan 2016 07:33:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ricardo Mones <mones@debian.org>
.
(Fri, 15 Jan 2016 07:33:14 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: claws-mail
Version: 3.13.1-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for claws-mail.
CVE-2015-8708[0]:
for incomplete fix for CVE-2015-8614
I'm attaching the patch made by Ben Hutchings for his upload to
squeeze-lts.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8708
Regards,
Salvatore
[CVE-2015-8708.patch (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Ricardo Mones <mones@debian.org>
:
Bug#811048
; Package src:claws-mail
.
(Fri, 15 Jan 2016 08:09:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Ricardo Mones <mones@debian.org>
.
(Fri, 15 Jan 2016 08:09:10 GMT) (full text, mbox, link).
Message #10 received at 811048@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 811046 + patch
Hi
Find attached a proposed debdiff for the two issues #811046 and
#811048 in claws-mail.
I have not done any upload (to a delayed queue) yet.
Regards,
Salvatore
[claws-mail-3.13.1-1.1-nmu.diff (text/x-diff, attachment)]
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Fri, 15 Jan 2016 12:09:15 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 15 Jan 2016 12:09:15 GMT) (full text, mbox, link).
Message #15 received at 811048-close@bugs.debian.org (full text, mbox, reply):
Source: claws-mail
Source-Version: 3.13.1-1.1
We believe that the bug you reported is fixed in the latest version of
claws-mail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 811048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated claws-mail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Jan 2016 08:46:03 +0100
Source: claws-mail
Binary: claws-mail claws-mail-dbg libclaws-mail-dev claws-mail-plugins claws-mail-spamassassin claws-mail-pgpmime claws-mail-pgpinline claws-mail-smime-plugin claws-mail-bogofilter claws-mail-i18n claws-mail-doc claws-mail-tools claws-mail-extra-plugins claws-mail-acpi-notifier claws-mail-address-keeper claws-mail-archiver-plugin claws-mail-attach-remover claws-mail-attach-warner claws-mail-bsfilter-plugin claws-mail-clamd-plugin claws-mail-fancy-plugin claws-mail-feeds-reader claws-mail-fetchinfo-plugin claws-mail-gdata-plugin claws-mail-libravatar claws-mail-newmail-plugin claws-mail-mailmbox-plugin claws-mail-managesieve claws-mail-multi-notifier claws-mail-tnef-parser claws-mail-perl-filter claws-mail-pdf-viewer claws-mail-python-plugin claws-mail-spam-report claws-mail-vcalendar-plugin
Architecture: source
Version: 3.13.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Ricardo Mones <mones@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 811046 811048
Description:
claws-mail - Fast, lightweight and user-friendly GTK+2 based email client
claws-mail-acpi-notifier - Laptop's Mail LED control for Claws Mail
claws-mail-address-keeper - Address keeper plugin for Claws Mail
claws-mail-archiver-plugin - Archiver plugin for Claws Mail
claws-mail-attach-remover - Mail attachment remover for Claws Mail
claws-mail-attach-warner - Missing attachment warnings for Claws Mail
claws-mail-bogofilter - Bogofilter plugin for Claws Mail
claws-mail-bsfilter-plugin - Spam filtering using bsfilter for Claws Mail
claws-mail-clamd-plugin - ClamAV socket-based plugin for Claws Mail
claws-mail-dbg - Debug symbols for Claws Mail mailer
claws-mail-doc - User documentation for Claws Mail mailer
claws-mail-extra-plugins - Extra plugins collection for Claws Mail
claws-mail-fancy-plugin - HTML mail viewer using GTK+2 WebKit
claws-mail-feeds-reader - Feeds (RSS/Atom) reader plugin for Claws Mail
claws-mail-fetchinfo-plugin - Add X-FETCH headers plugin for Claws Mail
claws-mail-gdata-plugin - Access to GData (Google services) for Claws Mail
claws-mail-i18n - Locale data for Claws Mail (i18n support)
claws-mail-libravatar - Display sender avatar from a libravatar server
claws-mail-mailmbox-plugin - mbox format mailboxes handler for Claws Mail
claws-mail-managesieve - manage Sieve filters with Claws Mail
claws-mail-multi-notifier - Various new mail notifiers for Claws Mail
claws-mail-newmail-plugin - New mail logger plugin for Claws Mail
claws-mail-pdf-viewer - PDF and PostScript attachment viewer for Claws Mail
claws-mail-perl-filter - Message filtering plugin using perl for Claws Mail
claws-mail-pgpinline - PGP/inline plugin for Claws Mail
claws-mail-pgpmime - PGP/MIME plugin for Claws Mail
claws-mail-plugins - Installs plugins for the Claws Mail mailer
claws-mail-python-plugin - Python plugin and console for Claws Mail
claws-mail-smime-plugin - S/MIME signature/encryption handling for Claws Mail
claws-mail-spam-report - Spam reporting plugin for Claws Mail
claws-mail-spamassassin - SpamAssassin plugin for Claws Mail
claws-mail-tnef-parser - TNEF attachment handler for Claws Mail
claws-mail-tools - Helper and utility scripts for Claws Mail mailer
claws-mail-vcalendar-plugin - vCalendar message handling plugin for Claws Mail
libclaws-mail-dev - Development files for Claws Mail plugins
Changes:
claws-mail (3.13.1-1.1) unstable; urgency=medium
.
* Non-maintainer upload (with maintainer approval).
* Add fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch.
Fixes "Characters in some Japanese codec are never correctly converted
to internal ones". (Closes: #811046)
* Add CVE-2015-8708.patch.
CVE-2015-8708: Incomplete fix for CVE-2015-8614. Adjusts and comments
range checks in JP text conversions.
Thanks to Ben Hutchings <ben@decadent.org.uk> (Closes: #811048)
Checksums-Sha1:
aee63cc874aa6e5b89f7d6a6cba91d1d89392e87 5091 claws-mail_3.13.1-1.1.dsc
cace0336cbd978fee65dbd66fd1eebd2f9cef14d 45088 claws-mail_3.13.1-1.1.debian.tar.xz
Checksums-Sha256:
6198aeade3adc3af435bb6dcb3cb90d784cf51849ca27cdcbb47acadc1ffcb17 5091 claws-mail_3.13.1-1.1.dsc
a28fbe8e6cf131fe5cb2dab2ce3f98d402929427704f1f7dd491f69e83c67427 45088 claws-mail_3.13.1-1.1.debian.tar.xz
Files:
99e8594ec61666a08271097adc4e5ee0 5091 mail optional claws-mail_3.13.1-1.1.dsc
c7d49711e3b5a99c13c23bca80e19e3a 45088 mail optional claws-mail_3.13.1-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWmNlUAAoJEAVMuPMTQ89EB1EP/AqjYhCCL2WBDrnqVObmkfEs
RgXCNLxu3P3UQtur0kRKPxpfDIp7nuScQ5AVBGQuUVZtTrgnyODb7L74zbCJXmiG
xg0UfSsNQDkRKS/hk3ev5WA8OEA6tYurBS/rL2ZIXIbReBNildEjh754+Q3V+fQ7
OGI/o1DCFSRIGZWIxbz28QqiBqGp4kTOf0GrCoY4sGi4NW/GnCfsLpc55tQ0bGvH
R4UKox6xFkxwwa3OCTtwWSaB+M8uL70sBOR2WZP8FDxBRmtJvrc6MIkkjcidTDfK
Coe4qg/dDKKNqz7sba+u79mVVPt0cgz5R4LCWNyWrff7KScoiYu49RvKY9a1zHOg
y0J+GBXn9uFdmGhuercJIuIiRZvJyTl4HzaOqX7t9xDiDu4mnU4K58gAwHm5uoom
57dccEqMbZY3k7MvU4CZLmIujuFyMkKgoKjd93CrMaVlCxZHrUyo+RdiK96TpYWY
MZNEmzF61nqVzl8o/32D7BEMcl1TO6dFGbyPyPLzPPtaU0Gyrk5x/Jt9trvtGMjM
ehijqItfDNst3eyq/6QmF54u6Ja1BqK5p2bKuf+HJOJjfmQ60hOBGgQKNEHNKO+H
0nj73yulOfemP0LfF++RJLNtt1OKw8WNCxhAEl/eU0ZTCK1NjbScVshqv3p6tLqs
yOl8txjlUQ1bLj/X/wXO
=QNQQ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 01 Mar 2016 07:34:43 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:02:32 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.