Your message dated Sat, 16 Apr 2005 07:17:16 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#304749: fixed in postgrey 1.21-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Apr 2005 07:41:29 +0000
>From [EMAIL PROTECTED] Fri Apr 15 00:41:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.charite.de [160.45.207.131] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DMLSD-0005FR-00; Fri, 15 Apr 2005 00:41:29 -0700
Received: from mail.charite.de (localhost [127.0.0.1])
        by mail.charite.de (Postfix) with ESMTP id A434216D605;
        Fri, 15 Apr 2005 09:41:33 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ralf Hildebrandt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: postgrey: remotely exploitable DoS vulnerability
X-Mailer: reportbug 3.8
Date: Fri, 15 Apr 2005 09:41:33 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: amavisd-new at charite.de
X-purgate-ID: 149814::050415094134-5C79-244AFCC3 0
X-purgate-Ad: Checked for SPAM by eleven - eXpurgate www.eXpurgate.net
X-purgate: This mail is considered clean
X-purgate: clean
X-purgate-type: clean
X-purgate-size: 1508/1272
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: postgrey
Version: 1.18-2
Severity: critical
Justification: breaks the whole system


Postgrey 1.21 was released due to a remotely exploitable DoS
vulnerability:

Changes
-------

* 2005-04-14: version 1.21

   Security: this release fixes a remotely exploitable DoS
   vulnerability.

      - fix crash with '%' in sender addresses (Stefan Schmidt)
      - fix other users of unchecked strings with syslog/printf
        (Peter Bieringer)
      - run in tainted mode -T (Peter Bieringer)
        (version 1.19 and 1.20 were released on the same day
        with the above fixes)
                   

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11ac6
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages postgrey depends on:
ii  debconf                       1.4.30.11  Debian configuration management sy
ii  libberkeleydb-perl            0.26-3     use Berkeley DB 4 databases from P
ii  libnet-dns-perl               0.48-1     Perform DNS queries from a Perl sc
ii  libnet-server-perl            0.87-3     An extensible, general perl server
ii  perl                          5.8.4-8    Larry Wall's Practical Extraction 
ii  ucf                           1.17       Update Configuration File: preserv

-- debconf information:
  postgrey/1.13-5_move-db:
  postgrey/1.14-1_lookup-by-subnet:
* postgrey/1.13-5_old-config:
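
The changelog quoted in the report above ("crash with '%' in sender addresses", "unchecked strings with syslog/printf") names a format-string bug class. The following is an added illustration, not postgrey's own code and not part of the original messages: it contrasts interpolating untrusted data into a printf-style format with passing it as an argument. The function names and sample senders are hypothetical, and sprintf stands in for Sys::Syslog's printf-style formatting so the example runs without a syslog daemon.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for Sys::Syslog::syslog($priority, $format, @args), which expands
# $format printf-style. Assumption: sprintf models that expansion closely
# enough to show the bug class.
sub format_like_syslog {
    my ($format, @args) = @_;
    # Promote formatting warnings to exceptions so a misparsed format is
    # visible instead of silently producing a mangled log line.
    local $SIG{__WARN__} = sub { die @_ };
    return sprintf($format, @args);
}

# Unsafe pattern: untrusted data becomes part of the format string.
sub log_unsafe {
    my ($sender) = @_;
    return format_like_syslog("delayed mail from $sender");
}

# Fixed pattern: constant format, untrusted data only as an argument.
sub log_safe {
    my ($sender) = @_;
    return format_like_syslog('delayed mail from %s', $sender);
}

# Alternative when a pre-built string must be passed as the format:
# neutralise every '%' by doubling it.
sub escape_percent {
    my ($text) = @_;
    (my $escaped = $text) =~ s/%/%%/g;
    return $escaped;
}

# Constructed sample envelope senders (not taken from any real log).
for my $sender ('alice@example.org', 'bob%smith@example.org') {
    my $unsafe = eval { log_unsafe($sender) };
    my $error  = $@;
    chomp $error;
    my $line = escape_percent("delayed mail from $sender");
    print "sender : $sender\n";
    print "unsafe : ", (defined $unsafe ? $unsafe : "failed ($error)"), "\n";
    print "safe   : ", log_safe($sender), "\n";
    print "escaped: ", format_like_syslog($line), "\n\n";
}
```

For the sender containing '%', the unsafe path fails because "%s" is parsed as a conversion with no matching argument, while both the constant-format and the escaped variants log the address unchanged.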

---------------------------------------
Received: (at 304749-close) by bugs.debian.org; 16 Apr 2005 11:23:28 +0000
>From [EMAIL PROTECTED] Sat Apr 16 04:23:28 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DMlOZ-0003B6-00; Sat, 16 Apr 2005 04:23:27 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DMlIa-0003CU-00; Sat, 16 Apr 2005 07:17:16 -0400
From: Adrian von Bidder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#304749: fixed in postgrey 1.21-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 16 Apr 2005 07:17:16 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: postgrey
Source-Version: 1.21-1

We believe that the bug you reported is fixed in the latest version of
postgrey, which is due to be installed in the Debian FTP archive:

postgrey_1.21-1.diff.gz
  to pool/main/p/postgrey/postgrey_1.21-1.diff.gz
postgrey_1.21-1.dsc
  to pool/main/p/postgrey/postgrey_1.21-1.dsc
postgrey_1.21-1_all.deb
  to pool/main/p/postgrey/postgrey_1.21-1_all.deb
postgrey_1.21.orig.tar.gz
  to pool/main/p/postgrey/postgrey_1.21.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian von Bidder <[EMAIL PROTECTED]> (supplier of updated postgrey package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 16 Apr 2005 11:46:26 +0200
Source: postgrey
Binary: postgrey
Architecture: source all
Version: 1.21-1
Distribution: unstable
Urgency: high
Maintainer: Adrian von Bidder <[EMAIL PROTECTED]>
Changed-By: Adrian von Bidder <[EMAIL PROTECTED]>
Description: 
 postgrey   - greylisting implementation for Postfix
Closes: 303943 304749
Changes: 
 postgrey (1.21-1) unstable; urgency=high
 .
   * New upstream version
     - SECURITY: fixes remote DoS vulnerability (closes: #304749)
       <http://lists.ee.ethz.ch/postgrey/msg00647.html>
     - Typo in manpage (closes: #303943)
   * New maintainer email.
   * log '%' as '%'
     <http://lists.ee.ethz.ch/postgrey/msg00653.html>
Files: 
 dd9a92a0108094dccb8ee13c8b3580f5 624 mail optional postgrey_1.21-1.dsc
 1274e073be5178445e0892a9dcc6fe98 25934 mail optional postgrey_1.21.orig.tar.gz
 21ce5b5a068a01a412542acc0cb0b11c 12072 mail optional postgrey_1.21-1.diff.gz
 48f882e6da7e1e51b601e5abe5c95ff7 41824 mail optional postgrey_1.21-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iEYEARECAAYFAkJg8RYACgkQIgvIgzMMSnXgFACdGFejORHtxRSjx9sqGxmnsdaF
bRUAn0P9DOzdAf6aPuqrVaGnkIK+eYQS
=DFBu
-----END PGP SIGNATURE-----

