Your message dated Thu, 18 Mar 2010 06:32:09 +0000
with message-id <[email protected]>
and subject line Bug#573228: fixed in spamass-milter 0.3.1-9
has caused the Debian Bug report #573228,
regarding Arbitrary command execution (report from full-disclosure)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
573228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: spamass-milter
Severity: grave
Tags: security
Hi Don,
The following report was posted to full-disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages spamass-milter depends on:
ii  adduser         3.112      add and remove users and groups
ii  libc6           2.10.2-6   Embedded GNU C Library: Shared lib
ii  libgcc1         1:4.4.3-3  GCC support library
pn  libmilter1.0.1  <none>     (no description available)
ii  libstdc++6      4.4.3-3    The GNU Standard C++ Library v3
pn  spamc           <none>     (no description available)
Versions of packages spamass-milter recommends:
pn  sendmail | postfix  <none>   (no description available)
ii  spamassassin        3.3.0-2  Perl-based spam filter using text
spamass-milter suggests no packages.
--- End Message ---
--- Begin Message ---
Source: spamass-milter
Source-Version: 0.3.1-9
We believe that the bug you reported is fixed in the latest version of
spamass-milter, which is due to be installed in the Debian FTP archive:
spamass-milter_0.3.1-9.diff.gz
to main/s/spamass-milter/spamass-milter_0.3.1-9.diff.gz
spamass-milter_0.3.1-9.dsc
to main/s/spamass-milter/spamass-milter_0.3.1-9.dsc
spamass-milter_0.3.1-9_amd64.deb
to main/s/spamass-milter/spamass-milter_0.3.1-9_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Don Armstrong <[email protected]> (supplier of updated spamass-milter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 11 Mar 2009 03:59:39 -0700
Source: spamass-milter
Binary: spamass-milter
Architecture: source amd64
Version: 0.3.1-9
Distribution: unstable
Urgency: high
Maintainer: Don Armstrong <[email protected]>
Changed-By: Don Armstrong <[email protected]>
Description:
spamass-milter - milter for filtering mail through spamassassin
Closes: 514749 515158 518552 519245 573228
Changes:
spamass-milter (0.3.1-9) unstable; urgency=high
.
* Call restorecon on the socket and pidfile directories to make SELinux
happy (thanks to Russel Coker) (closes: #518552)
* Document how to make inet:[email protected] work (closes: #519245)
* Document that using the -x option requires being in the smmsp group
(closes: #515158)
* Deal with inet:999 sockets (closes: #514749)
- handle them more sanely in the init script
- document how to deal with them in README.Debian and
/etc/spamass-milter/default
* Use new popenenv function instead of open; fixes remote code exploit
as the spamass-milter user when run using -x. (closes: #573228)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLocV9gcCJIoCND9ARA1tMAJ4uUszhgnwMYi4Oa4f+Jaz8+W7YVwCfaHh6
/IoqI/kK6PdenM9SxrxEM5U=
=a9B9
-----END PGP SIGNATURE-----
--- End Message ---