[Evolution] Bug#290291: marked as done (evolution: Evolution does
not authenticate using MD5 methods (DIGEST/CRAM) and remains
plaintext)
Debian Bug Tracking System
owner at bugs.debian.org
Mon Oct 10 09:03:16 UTC 2005
Your message dated Mon, 10 Oct 2005 10:52:12 +0200
with message-id <20051010085212.GA16145 at bugs.debian.org>
and subject line Fixed in NMU of evolution 2.0.3-1.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Jan 2005 12:24:50 +0000
From: Cedric Blancher <blancher at cartel-securite.fr>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: evolution: Evolution does not authenticate using MD5 methods (DIGEST/CRAM)
and remains plaintext
X-Mailer: reportbug 3.5
Date: Thu, 13 Jan 2005 13:24:52 +0100
Message-Id: <20050113122452.C312B37464 at anduril.intranet.cartel-securite.net>
Package: evolution
Version: 2.0.3-1.1
Severity: grave
Justification: user security hole
Since yesterday's sid update, my Evolution only authenticates using
plaintext login/password, whether you choose NTLM, DIGEST-MD5 or
CRAM-MD5, introducing a security issue on non-SSL accounts and denial of
access on servers refusing plaintext authentications.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages evolution depends on:
ii evolution-data-server 1.0.3-2 evolution database backend server
ii gconf2 2.8.1-4 GNOME configuration database syste
ii gnome-icon-theme 2.8.0-1 GNOME Desktop icon theme
ii gtkhtml3.2 3.2.4-1 HTML rendering/editing library - b
ii libart-2.0-2 2.3.16-6 Library of functions for 2D graphi
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libaudiofile0 0.2.6-5 Open-source version of SGI's audio
ii libbonobo2-0 2.8.0-4 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.8.0-2 The Bonobo UI library
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libcompfaceg1 1989.11.11-24 Compress/decompress images for mai
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libebook8 1.0.3-2 Client library for evolution addre
ii libecal6 1.0.3-2 Client library for evolution calen
ii libedataserver3 1.0.3-2 Utily library for evolution data s
ii libegroupwise6 1.0.3-2 Client library for accessing group
ii libesd-alsa0 [libesd0] 0.2.35-2 Enlightened Sound Daemon (ALSA) -
ii libfontconfig1 2.2.3-4 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgail-common 1.8.2-1 GNOME Accessibility Implementation
ii libgail17 1.8.2-1 GNOME Accessibility Implementation
ii libgal2.2-1 2.2.4-1 G App Libs (run time library)
ii libgal2.2-common 2.2.4-1 G App Libs (common files)
ii libgconf2-4 2.8.1-4 GNOME configuration database syste
ii libgcrypt11 1.2.0-11 LGPL Crypto library - runtime libr
ii libglade2-0 1:2.4.1-1 Library to load .glade files at ru
ii libglib2.0-0 2.4.8-1 The GLib library of C routines
ii libgnome-keyring0 0.4.1-1 GNOME keyring services library
ii libgnome-pilot2 2.0.12-1.1 Support libraries for gnome-pilot
ii libgnome2-0 2.8.0-6 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.8.0-1 A powerful object-oriented display
ii libgnomeprint2.2-0 2.8.2-1 The GNOME 2.2 print architecture -
ii libgnomeprintui2.2-0 2.8.2-1 The GNOME 2.2 print architecture U
ii libgnomeui-0 2.8.0-3 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.8.3-8 The GNOME virtual file-system libr
ii libgnutls11 1.0.16-13 GNU TLS library - runtime library
ii libgpg-error0 1.0-1 library for common error values an
ii libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface
ii libgtkhtml3.2-11 3.2.4-1 HTML rendering/editing library - r
ii libice6 6.8.1-0.4 Inter-Client Exchange library
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libnspr4 2:1.7.5-1 Netscape Portable Runtime Library
ii libnss3 2:1.7.5-1 Network Security Service Libraries
ii liborbit2 1:2.10.2-1.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.6.0-3 Layout and rendering of internatio
ii libpisock8 0.11.8-10 Library for communicating with a P
ii libpisync0 0.11.8-10 Synchronization library for PalmOS
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsm6 6.8.1-0.4 X Window System Session Management
ii libsoup2.2-7 2.2.1-1 an HTTP library implementation in
ii libtasn1-2 0.2.10-4 Manage ASN.1 structures (runtime)
ii libx11-6 6.8.1-0.4 X Window System protocol client li
ii libxml2 2.6.11-5 GNOME XML library
ii xlibs 6.8.1-0.4 X Window System client libraries m
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
---------------------------------------
Received: (at 290291-done) by bugs.debian.org; 10 Oct 2005 08:52:15 +0000
Date: Mon, 10 Oct 2005 10:52:12 +0200
From: Loïc Minier <lool at dooz.org>
To: 290291-done at bugs.debian.org
Subject: Re: Fixed in NMU of evolution 2.0.3-1.2
Message-ID: <20051010085212.GA16145 at bugs.debian.org>
References: <E1CtYzj-0000BJ-00 at newraff.debian.org>
In-Reply-To: <E1CtYzj-0000BJ-00 at newraff.debian.org>
Version: 2.0.3-1.2
Hi,
The NMU below was never acknowledged but was merged and I'm closing
this bug:
On Tue, Jan 25, 2005, Jordi Mallach wrote:
> tag 290291 + fixed
>
> quit
>
> This message was generated automatically in response to a
> non-maintainer upload. The .changes file follows.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Format: 1.7
> Date: Tue, 25 Jan 2005 17:49:41 +0100
> Source: evolution
> Binary: evolution-dev evolution
> Architecture: source i386
> Version: 2.0.3-1.2
> Distribution: unstable
> Urgency: high
> Maintainer: Takuo KITAME <kitame at debian.org>
> Changed-By: Jordi Mallach <jordi at debian.org>
> Description:
> evolution - The groupware suite
> evolution-dev - Development library files for Evolution
> Closes: 290291
> Changes:
> evolution (2.0.3-1.2) unstable; urgency=HIGH
> .
> * Non-maintainer upload to fix SECURITY issues.
> * debian/patches/CAN-2005-0102.patch:
> - camel/camel-lock-helper.c: malloc()'ing supplied path length + 1 allowed
> an integer overflow and malloc()ation of a 0-byte buffer, which was then
> filled by an arbitrary amount of user-supplied data. Now restrict
> the length of the supplied path to at most 0xFFFF characters (patch
> taken from Ubuntu USN-69-1, thanks pitti!).
> * debian/patches/mail-preserve-auth-conf.patch: patch from Ximian Bugzilla
> to fix the skipping of the needauth setting (closes: #290291).
> * debian/rules: add DEB_FIXPERMS_EXCLUDE for camel-lock-helper.
> * debian/evolution.postinst: removed, chmod/chgrp handled by make install
> (this changes camel-lock-help from suid root to sgid mail).
> Files:
> 2a78ec8d55fba55463da3edc84b0437d 1141 gnome optional evolution_2.0.3-1.2.dsc
> 7e8f066dad44529a92e6b7e036e0a450 265925 gnome optional evolution_2.0.3-1.2.diff.gz
> 53737df6e9812366dac110e948796ecc 10209014 gnome optional evolution_2.0.3-1.2_i386.deb
> 09a1e0db1d45b6266357eb5cfa85d89b 159108 devel optional evolution-dev_2.0.3-1.2_i386.deb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFB9r5+JYSUupF6Il4RAi4jAJ4+6eHMQsS/aBNn6m3XqZyiN5nCGwCgh7YT
> uuzouQiLVfMbcU/cDScQMno=
> =qqCB
> -----END PGP SIGNATURE-----
>
Cheers,
--
Loïc Minier <lool at dooz.org>
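
The length check described in the CAN-2005-0102 changelog entry quoted above, as an added example that is not part of the original messages and is not the camel-lock-helper source. It assumes a 32-bit unsigned length prefix in host byte order followed by the path bytes (a constructed format); the names read_path, unchecked_alloc_size, accepts and MAX_PATH_LEN are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATH_LEN 0xFFFFu /* cap named in the changelog entry */

/* Size the unchecked pattern would request: len + 1 in 32-bit arithmetic.
 * For len == UINT32_MAX this wraps to 0, so a 0-byte buffer would then
 * receive len bytes of caller-supplied data. */
static uint32_t unchecked_alloc_size(uint32_t len) {
    return len + 1u;
}

/* Checked reader for the constructed format: 4-byte length, then the path.
 * Returns a NUL-terminated heap copy, or NULL when the length is over the
 * cap, larger than the bytes actually present, or malloc() fails. */
static char *read_path(const unsigned char *msg, size_t msg_len) {
    uint32_t len;
    if (msg_len < sizeof len) return NULL;
    memcpy(&len, msg, sizeof len);
    if (len > MAX_PATH_LEN) return NULL;         /* reject before any arithmetic */
    if (len > msg_len - sizeof len) return NULL; /* never read past the message */
    char *path = malloc((size_t)len + 1);
    if (path == NULL) return NULL;
    memcpy(path, msg + sizeof len, len);
    path[len] = '\0';
    return path;
}

/* Builds a constructed message that claims `claimed` bytes while carrying
 * `payload`, and returns 1 only if read_path() accepts it and copies it. */
static int accepts(uint32_t claimed, const char *payload) {
    unsigned char msg[64];
    size_t n = strlen(payload);
    if (n > sizeof msg - sizeof claimed) return 0;
    memcpy(msg, &claimed, sizeof claimed);
    memcpy(msg + sizeof claimed, payload, n);
    char *p = read_path(msg, sizeof claimed + n);
    int ok = p != NULL && memcmp(p, payload, claimed) == 0 && p[claimed] == '\0';
    free(p);
    return ok;
}

int main(void) {
    /* 0 when the wrap is real, a valid request passes and a wrapping one fails */
    return !(unchecked_alloc_size(UINT32_MAX) == 0 &&
             accepts(9, "/tmp/lock") && !accepts(UINT32_MAX, "/tmp/lock"));
}
```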