Your message dated Wed, 09 Mar 2005 11:01:18 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#298692: CAN-2005-0687: format string vulnerability
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Mar 2005 10:48:17 +0000
>From [EMAIL PROTECTED] Wed Mar 09 02:48:16 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail-out.m-online.net [212.18.0.9] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D8yjg-0002uF-00; Wed, 09 Mar 2005 02:48:16 -0800
Received: from mail.m-online.net (svr20.m-online.net [192.168.3.148])
        by mail-out.m-online.net (Postfix) with ESMTP id C342368F1
        for <[EMAIL PROTECTED]>; Wed,  9 Mar 2005 11:48:15 +0100 (CET)
Received: from k.local (ppp-82-135-3-249.mnet-online.de [82.135.3.249])
        by mail.m-online.net (Postfix) with ESMTP id B46785B764
        for <[EMAIL PROTECTED]>; Wed,  9 Mar 2005 11:48:15 +0100 (CET)
Received: from stf by k.local with local (Exim 4.50)
        id 1D8yjf-00029k-Hy
        for [EMAIL PROTECTED]; Wed, 09 Mar 2005 11:48:15 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-0687: format string vulnerability
X-Mailer: reportbug 3.8
Date: Wed, 09 Mar 2005 11:48:15 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: hashcash
Severity: grave
Tags: security
Justification: user security hole


Format string vulnerability in Hashcash 1.x allows remote attackers
to cause a denial of service (memory consumption) and possibly execute
arbitrary code via format string specifiers in a reply address, which
is not properly handled when printing the header.

See
http://www.gentoo.org/security/en/glsa/glsa-200503-12.xml
http://secunia.com/advisories/14487

Patch is at
http://bugs.gentoo.org/show_bug.cgi?id=83541
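
The bug class named in this report, shown as an added example that is not part of the original message and is not Hashcash's code: an untrusted reply address passed as the format string of a header-printing routine, beside the corrected call. The names `emit`, `header_unsafe`, `header_safe` and `has_format_directive` are hypothetical, and the address is constructed; it uses only `%%`, which consumes no argument, so the difference is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header writer: a thin variadic wrapper around vsnprintf.
 * Without __attribute__((format(printf, 3, 4))) the compiler cannot
 * check its call sites, so a misuse like header_unsafe() goes unflagged. */
static int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the untrusted reply address is used as the format string,
 * so any conversion specifier in it is interpreted. */
int header_unsafe(char *out, size_t n, const char *reply_addr)
{
    return emit(out, n, reply_addr);
}

/* AFTER: constant format string; the address is only ever data. */
int header_safe(char *out, size_t n, const char *reply_addr)
{
    return emit(out, n, "%s", reply_addr);
}

/* Audit aid, not the fix: flag untrusted input carrying a '%'. */
int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    const char *addr = "user%%example.org";   /* constructed input */
    char a[64], b[64];

    header_unsafe(a, sizeof a, addr);   /* "%%" is collapsed to "%" */
    header_safe(b, sizeof b, addr);     /* copied through unchanged */
    printf("unsafe: %s\nsafe:   %s\nflagged: %d\n",
           a, b, has_format_directive(addr));
    return 0;
}
```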

---------------------------------------
Received: (at 298692-close) by bugs.debian.org; 9 Mar 2005 16:01:36 +0000
>From [EMAIL PROTECTED] Wed Mar 09 08:01:36 2005
Return-path: <[EMAIL PROTECTED]>
Received: from infinity.plus1.co.za (esquilax.uhoreg.ca) [66.45.233.150] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D93cu-00022Z-00; Wed, 09 Mar 2005 08:01:36 -0800
Received: from hubert by esquilax.uhoreg.ca with local (Exim 4.34)
        id 1D93co-0008At-GY; Wed, 09 Mar 2005 11:01:31 -0500
Date: Wed, 09 Mar 2005 11:01:18 -0500
Subject: Re: Bug#298692: CAN-2005-0687: format string vulnerability
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0 (Generated by Pantomime 1.2.0)
From: Hubert Chan <[EMAIL PROTECTED]>
To: Stefan Fritsch <[EMAIL PROTECTED]>
Cc: Debian Bug Tracking System <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Mailer: GNUMail (Version 1.2.0)
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Rcpt-To: [EMAIL PROTECTED], [EMAIL PROTECTED]
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on esquilax.uhoreg.ca); SAEximRunCond expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Hi Stefan

Thanks for the report.  I've already checked, and hashcash 1.13, which 
is what is in Debian, is not vulnerable.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

