Your message dated Wed, 02 Oct 2013 22:36:06 +0000
with message-id <[email protected]>
and subject line Bug#712141: fixed in sympa 6.1.17~dfsg-1
has caused the Debian Bug report #712141,
regarding sympa: Very long loop while compiling some digest messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
712141: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712141
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sympa
Version: 6.1.11~dfsg-5
Severity: important
Tags: patch

Hi,

While compiling the digest for one list, the "sympa" process ran into some kind 
of infinite loop. This issue is encountered when one of the messages that needs 
to be digested contains binary attachments that are embedded in text/plain 
parts.

The problem was fixed in the 6.1.16 release of Sympa and in particular in the 
changeset 7955[1]. 

In my case, Sympa was unable to deliver messages to the lists while compiling 
the digest and thus can be considered as as DoS. Fix delivered in Sympa 6.1.16 
solved the problem.

1. 
https://sourcesup.renater.fr/scm/viewvc.php?view=revision&root=sympa&revision=7955

Kind regards,
Olivier;

-- System Information:
Debian Release: 7.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8.13-xxxx-std-ipv6-64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sympa depends on:
ii  adduser                           3.113+nmu3
ii  ca-certificates                   20130119
ii  dbconfig-common                   1.8.47+nmu1
ii  debconf [debconf-2.0]             1.5.49
ii  dpkg                              1.16.10
ii  libarchive-zip-perl               1.30-6
ii  libc6                             2.13-38
ii  libcgi-fast-perl                  5.14.2-21
ii  libcgi-pm-perl                    3.61-2
ii  libdbd-mysql-perl                 4.021-1+b1
ii  libdbd-pg-perl                    2.19.2-2
ii  libdbd-sqlite3-perl               1.37-1
ii  libdbd-sybase-perl                1.14-1
ii  libdbi-perl                       1.622-1
ii  libfcgi-perl                      0.74-1+b1
ii  libfile-copy-recursive-perl       0.38-1
ii  libhtml-format-perl               2.10-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl                 5.02-1
ii  libintl-perl                      1.20-1
ii  libio-stringy-perl                2.110-5
ii  libmailtools-perl                 2.09-1
ii  libmime-charset-perl              1.009.2-1
ii  libmime-encwords-perl             1.012.4-1
ii  libmime-lite-html-perl            1.23-1.1
ii  libmime-tools-perl                5.503-1
ii  libmsgcat-perl                    1.03-5+b2
ii  libnet-ldap-perl                  1:0.4400-1
ii  libnet-netmask-perl               1.9016-1
ii  libregexp-common-perl             2011121001-1
ii  libtemplate-perl                  2.24-1
ii  libterm-progressbar-perl          2.13-1
ii  libunicode-linebreak-perl         0.0.20120401-1
ii  libxml-libxml-perl                2.0001+dfsg-1
ii  lsb-base                          4.1+Debian8
ii  mhonarc                           2.6.18-2
ii  perl                              5.14.2-21
ii  perl-modules [libcgi-pm-perl]     5.14.2-21
ii  postfix [mail-transport-agent]    2.9.6-2
ii  rsyslog [system-log-daemon]       5.8.11-3
ii  sqlite3                           3.7.13-1+deb7u1

Versions of packages sympa recommends:
ii  apache2-suexec-custom [apache2-suexec]  2.2.22-13
ii  doc-base                                0.10.4
ii  libapache2-mod-fcgid                    1:2.3.6-1.2
ii  libcrypt-ciphersaber-perl               0.61-4
ii  libfile-nfslock-perl                    1.21-1
ii  libio-socket-ssl-perl                   1.76-2
ii  libmail-dkim-perl                       0.39-1
ii  libsoap-lite-perl                       0.714-1
ii  locales                                 2.13-38
ii  logrotate                               3.8.1-4
ii  mysql-server                            5.5.31+dfsg-0+wheezy1

Versions of packages sympa suggests:
ii  apache2-mpm-worker [httpd-cgi]  2.2.22-13
pn  libauthcas-perl                 <none>
pn  libdbd-oracle-perl              <none>
pn  libtext-wrap-perl               <none>
ii  openssl                         1.0.1e-2

-- Configuration Files:
/etc/logrotate.d/sympa changed [not included]
/etc/sympa/httpd.conf-cgi [Errno 2] No such file or directory: 
u'/etc/sympa/httpd.conf-cgi'
/etc/sympa/httpd.conf-fcgi [Errno 2] No such file or directory: 
u'/etc/sympa/httpd.conf-fcgi'
/etc/sympa/topics.conf changed [not included]

-- debconf information:
* sympa/db_passwd: (password omitted)
  sympa/password-confirm: (password omitted)
  sympa/pgsql/admin-pass: (password omitted)
  sympa/app-password-confirm: (password omitted)
  sympa/key_password_again: (password omitted)
* sympa/db_passwd_again: (password omitted)
  sympa/key_password: (password omitted)
  sympa/pgsql/app-pass: (password omitted)
  sympa/mysql/admin-pass: (password omitted)
* sympa/db_adminpasswd: (password omitted)
  sympa/mysql/app-pass: (password omitted)
* sympa/dbconfig-install: false
* sympa/listmaster: [email protected]
* wwsympa/wwsympa_url: http://list.attac.org/wws
* wwsympa/webserver_restart: true
  sympa/upgrade-backup: true
  sympa/pgsql/changeconf: false
  sympa/db_options:
  sympa/db_configured: true
  sympa/internal/skip-preseed: true
  sympa/remote/host:
  sympa/db_user: sympa
  sympa/internal/reconfiguring: true
  sympa/remove-error: abort
* wwsympa/webserver_type: Apache 2
  sympa/dbconfig-remove:
  sympa/mysql/method: unix socket
  sympa/wwsympa_configured: false
* sympa/language: fr
  sympa/pgsql/method: unix socket
  sympa/db_removeonpurge: false
  sympa/install-error: abort
  sympa/pgsql/no-empty-passwords:
  sympa/pgsql/authmethod-admin: ident
  sympa/passwords-do-not-match:
  sympa/missing-db-package-error: abort
  sympa/remove_spool: false
  sympa/remote/newhost:
  sympa/pgsql/manualconf:
  sympa/remote/port:
* sympa/hostname: attac-mail.attac.org
  sympa/pgsql/authmethod-user: password
* sympa/db_hostname: localhost
  sympa/dbconfig-upgrade: true
  sympa/use_db: true
* sympa/use_soap: false
  sympa/db/dbname: sympa
  sympa/database-type: mysql
  sympa/db/basepath:
* wwsympa/fastcgi: true
  sympa/db/app-user: sympa
  sympa/purge: false
  sympa/db_authtype: Ident-based
  sympa/db_port:
  sympa/mysql/admin-user: root
  sympa/db_name: sympa
* sympa/dbconfig-reinstall: false
* sympa/db_type: MySQL
  sympa/pgsql/admin-user: postgres
  sympa/upgrade-error: abort
* wwsympa/remove_spool: false
  sympa/use_wwsympa: false
  sympa/smime_support: false

--- End Message ---
--- Begin Message ---
Source: sympa
Source-Version: 6.1.17~dfsg-1

We believe that the bug you reported is fixed in the latest version of
sympa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <[email protected]> (supplier of updated sympa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Sep 2013 21:41:18 +0000
Source: sympa
Binary: sympa
Architecture: source amd64
Version: 6.1.17~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Sympa team <[email protected]>
Changed-By: Emmanuel Bouthenot <[email protected]>
Description: 
 sympa      - Modern mailing list manager
Closes: 669803 682563 682664 691506 706965 709565 712141 714388 717435 724086
Changes: 
 sympa (6.1.17~dfsg-1) unstable; urgency=low
 .
   * New upstream release:
     - Fix possible infinite loop while generating digest with text/plain
       binary attachements (Closes: #712141)
     - Fix missing templates (Closes: #714388)
     - Switch the default locale from en_US to en (update debconf templates
       accordingly) (Closes: #682563)
   * Refresh patches:
     - Fix 'CREATE DATABASE' syntax with mysql backend. Thanks to Daniel
     Caillibaud for the patch (Closes: #682664)
   * Add a patch to make possible to fallback on C locale when no other
     locales are available
   * Add a patch to raise a warning instead of an error when the CA bundle file
     is not readable (Closes: #706965, #717435)
   * Fix packaging to support Apache >= 2.4 (Closes: #669803)
   * Update manpages patch to fix a FTBFS caused by lack of 'encoding'
     identifer in pod snippets (Closes: #724086)
   * Add dependency on libsoap-lite-perl
   * Fix Vcs-* fields
   * Bump Standards-Version to 3.9.4
   * Remove support of sqlite < 3
   * Add a warning message in postinst about the fix of permissions and
     ownership which can take a while. Thanks to David Prévot for the
     suggestion (Closes: #709565)
   * Fix a bug in postinst while trying to add missing parameters in
     sympa.conf during upgrade to sympa > 6.0.1. Thanks to Paul Menzel
     for the patch (Closes: #691506)
   * Minor updates in debian/copyright
   * Switch to debhelper >= 9
Checksums-Sha1: 
 51684a564a966934a1419cd7857a0e976c41c4be 2517 sympa_6.1.17~dfsg-1.dsc
 ac43ab205d681343681abff9772d55a541fd912a 5582004 sympa_6.1.17~dfsg.orig.tar.gz
 3d42df0f13b216b595b14541426c6959c0e2b7f4 118776 
sympa_6.1.17~dfsg-1.debian.tar.gz
 f58cb1ed377f8d6a22d2b565a10a7a66eff2e23d 2096214 sympa_6.1.17~dfsg-1_amd64.deb
Checksums-Sha256: 
 9a6ae19a77c40d8d68f00b6b3ec4f737e056aed93d695be17f3fe96456d7ef49 2517 
sympa_6.1.17~dfsg-1.dsc
 82398955d8052d323441718ee3830ddf505ee50acdb82431acc7a297bf3f77b6 5582004 
sympa_6.1.17~dfsg.orig.tar.gz
 73c9acd941894a1d0d17194d5cdfc2e7f3d2d403f7b9cdfe2ea9ddf005d6b9a0 118776 
sympa_6.1.17~dfsg-1.debian.tar.gz
 1974ef0f15c530418f65ea17ce25b7750cc633800fbed1c5921e2d0b74c27839 2096214 
sympa_6.1.17~dfsg-1_amd64.deb
Files: 
 3a2cac33de59432b8d11aea192413b21 2517 mail optional sympa_6.1.17~dfsg-1.dsc
 1cf3040bf1f8013b7ebcf3bf8216bb18 5582004 mail optional 
sympa_6.1.17~dfsg.orig.tar.gz
 076cf5d8c110c6856b82f0e244dd846d 118776 mail optional 
sympa_6.1.17~dfsg-1.debian.tar.gz
 9e623cba0566abc75033faea3eb073bc 2096214 mail optional 
sympa_6.1.17~dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSTJ0qAAoJEEsHdyOSnULDoNAQAIANqdXVv5W7IIKo02rmWzbE
nBXmNm133H/r50kNoAv2Ht162dwqaUhdyDxPMmqsWxA2EjcIODhWReyE/89e6jgB
S7OPbWEYo9xe8rLA/68K4CcqBAi9kLBL+awSvkpdCWcfmv3DEP6kiPeuFU280LXm
0hpYQ8WJu8jzaFTftRa8J2a5DsS0zyPR6UsQsdNPclCNX3fT5NMaoucTp3/Aub/k
VSMOW6BK1bmM1YPUAjJ8YDoNKlbarKLxmuHxDzEEBzS/2ATKu6cmgQ7wSgp3fO0W
or4I6bRkwrWJGdU0azXufl6Jq45YeLaWMojM/AgoYetbsDQA9WyLASHFNVfGLVF0
Ae6k/Q0XGlpy6jyi+e7k4PoCPOQ3r8dyt8hC7jShb3ihnKUxsrDCQnqv4muMzYNm
lQX5v57Gc7J+oBVt7pyMXSMoJ6O0FqcEiEQc46eKAP11RD6VdoWYxQacrOY315+8
6BMIMC/L6T7O8u0UYJ6PShGhJXD/XCjlzYnBO5zka5k6VikoefEY6k+d93mPwM4X
+FoRd/OZHVyv/Y0GHfwRMrxxwDiEcWZR5Gd+ryW5n/PxLqasnst727Wn2WgQ2UP5
h9gK7my/0V/A7NMiDfyuws3m9IvyBS1YFYKtkWEbtxKML/tlSwqTjYsNySPjrOpa
yZ6R2V+fQOhHzj7zB/bB
=/RcS
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to