registry team mailing list archive

Thread
Date

[Bug 515996] Re: [MIR] libesmtp

To: registry@xxxxxxxxxxxxxxxxxxx
From: Andres Rodriguez <andreserl@xxxxxxxxxxxxx>
Date: Tue, 27 Jul 2010 21:49:09 -0000
Reply-to: Bug 515996 <515996@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Summary changed:

- MIR fallout: libesmtp does not check NULL bytes in commonNames of certificates (variant of CVE-2009-2408)
+ [MIR] libesmtp

** Description changed:

  1. Availability: amd64, armel, i386, ia64, powerpc, sparc
  
  2. Rationale: The package helps meet
- https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-cluster-
- stack blueprint goal. Needed binary packages are libesmtp5 and libesmtp-
- dev.
+ https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick-
+ clusterstack blueprint goal. Needed binary packages are libesmtp5 and
+ libesmtp-dev.
  
- 3. Security: 1 old CVE: CVE-2002-1090
+ 3. Security: No CVEs. 
+ Recent fix of "not check NULL bytes in commonNames of certificates" was issued in debian and already syncing into Ubuntu.
  
  4. QA: 1 openssl/gnutls related bug in Debian, no bugs in Ubuntu.
  Upstream's last release was in 2005. URL:
  http://www.stafford.uklinux.net/libesmtp/
  
  5. UI standards: none
  
  6. Dependencies: all in main
  
  7. Standards: no lintian warnings. Package is packaged with debhelper
  and uses custom developed patch system.
  
  8. Maintenance: simple package, syncs should be enough (there were no
  Ubuntu changes in package history)
  
  9. Background information: this package is one of dependencies for new
  cluster stack in Ubuntu.

** Changed in: libesmtp (Ubuntu)
       Status: Incomplete => New

** Changed in: libesmtp (Ubuntu)
   Importance: Undecided => Wishlist

-- 
[MIR] libesmtp
https://bugs.launchpad.net/bugs/515996
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.