Your message dated Thu, 3 Jul 2008 00:00:43 +0200 with message-id <20080702220043.GA6946@galadriel.inutil.org> and subject line Re: CVE-2007-5208 arbitrary command execution via unfiltered from address has caused the Debian Bug report #447341, regarding CVE-2007-5208 arbitrary command execution via unfiltered from address to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 447341: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447341 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: CVE-2007-5208 arbitrary command execution via unfiltered from address
- From: Nico Golde <nion@debian.org>
- Date: Sat, 20 Oct 2007 11:58:37 +0200
- Message-id: <20071020095837.GA13877@ngolde.de>
Package: hplip Version: 1.6.10-3 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for hplip. CVE-2007-5208[0]: | hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) | 1.x and 2.x before 2.7.10 allows context-dependent attackers to | execute arbitrary commands via shell metacharacters in a from address, | which is not properly handled when invoking sendmail. If you fix this vulnerability please also include the CVE id in your changelog entry. You can find a patch on: http://launchpadlibrarian.net/9737865/90_subprocess_replacement.dpatch For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208 Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.Attachment: pgpwQXxsiK9z0.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 447341-done@bugs.debian.org
- Subject: Re: CVE-2007-5208 arbitrary command execution via unfiltered from address
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Thu, 3 Jul 2008 00:00:43 +0200
- Message-id: <20080702220043.GA6946@galadriel.inutil.org>
- In-reply-to: <20071020095837.GA13877@ngolde.de>
- References: <20071020095837.GA13877@ngolde.de>
Version: 1.6.10-4.3 On Sat, Oct 20, 2007 at 11:58:37AM +0200, Nico Golde wrote: > Package: hplip > Version: 1.6.10-3 > Severity: grave > Tags: security patch Closing versioned against the fix uploaded to sid some time ago, since this still showed up at bts.turmzimmer.net Cheers, Moritz
--- End Message ---