Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu Hi, the release team, I'd like to update package mew in buster to fix a security issue, managed as no advisory by the security team. See this changelog and the attached debdiff. mew (1:6.8-4+deb10u1) buster; urgency=medium * New patch 070_checkhost.patch to enable checkHost for stunnel (closes: #950411) -- Tatsuya Kinoshita <tats@debian.org> Sun, 02 Feb 2020 18:31:28 +0900 Please let me know if I can upload it. Thanks, -- Tatsuya Kinoshita
diffstat for mew-6.8 mew-6.8 changelog | 7 +++++++ patches/070_checkhost.patch | 15 +++++++++++++++ patches/series | 1 + 3 files changed, 23 insertions(+) diff -Nru mew-6.8/debian/changelog mew-6.8/debian/changelog --- mew-6.8/debian/changelog 2019-01-06 00:22:08.000000000 +0900 +++ mew-6.8/debian/changelog 2020-02-02 18:31:28.000000000 +0900 @@ -1,3 +1,10 @@ +mew (1:6.8-4+deb10u1) buster; urgency=medium + + * New patch 070_checkhost.patch to enable checkHost for stunnel + (closes: #950411) + + -- Tatsuya Kinoshita <tats@debian.org> Sun, 02 Feb 2020 18:31:28 +0900 + mew (1:6.8-4) unstable; urgency=medium [ YAMANAKA Hitoshi ] diff -Nru mew-6.8/debian/patches/070_checkhost.patch mew-6.8/debian/patches/070_checkhost.patch --- mew-6.8/debian/patches/070_checkhost.patch 1970-01-01 09:00:00.000000000 +0900 +++ mew-6.8/debian/patches/070_checkhost.patch 2020-02-01 22:18:14.000000000 +0900 @@ -0,0 +1,15 @@ +Subject: Enable checkHost for stunnel +Origin: upstream, https://github.com/kazu-yamamoto/Mew/commit/8de0a1398f10d0e8da29ce91ec22af17430c0004 +Bug: https://github.com/kazu-yamamoto/Mew/pull/133 + +--- a/mew-ssl.el ++++ b/mew-ssl.el +@@ -106,6 +106,8 @@ insert no extra text.") + (insert "client=yes\n") + (insert "pid=\n") + (insert (format "verify=%d\n" (mew-ssl-verify-level case))) ++ (if (> (mew-ssl-verify-level case) 0) ++ (insert (format "checkHost=%s\n" server))) + (insert "foreground=yes\n") + (insert "debug=debug\n") + (if (and mew-ssl-libwrap (or (>= mew-ssl-ver 5) (>= mew-ssl-minor-ver 45))) diff -Nru mew-6.8/debian/patches/series mew-6.8/debian/patches/series --- mew-6.8/debian/patches/series 2019-01-06 00:19:10.000000000 +0900 +++ mew-6.8/debian/patches/series 2020-02-01 22:18:14.000000000 +0900 @@ -2,3 +2,4 @@ 020_netpbm.patch 030_cache-long-scans.patch 040_incm-lock.patch +070_checkhost.patch
Attachment:
pgpGvvT0SxCY2.pgp
Description: PGP signature