Package: postgrey
Version: 1.18-2
Severity: critical
Justification: breaks the whole system

Postgrey 1.21 was released due to a remotely exploitable DoS
vulnerability:

Changes
-------
* 2005-04-14: version 1.21
  Security: this release fixes a remotely exploitable DoS
  vulnerability.
  - fix crash with '%' in sender addresses (Stefan Schmidt)
  - fix other users of unchecked strings with syslog/printf
    (Peter Bieringer)
  - run in tainted mode -T (Peter Bieringer)
  (version 1.19 and 1.20 were released on the same day
  with the above fixes)

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11ac6
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages postgrey depends on:
ii  debconf             1.4.30.11  Debian configuration management sy
ii  libberkeleydb-perl  0.26-3     use Berkeley DB 4 databases from P
ii  libnet-dns-perl     0.48-1     Perform DNS queries from a Perl sc
ii  libnet-server-perl  0.87-3     An extensible, general perl server
ii  perl                5.8.4-8    Larry Wall's Practical Extraction
ii  ucf                 1.17       Update Configuration File: preserv

-- debconf information:
postgrey/1.13-5_move-db:
postgrey/1.14-1_lookup-by-subnet:
* postgrey/1.13-5_old-config: