Your message dated Sat, 16 Apr 2005 07:17:16 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#304749: fixed in postgrey 1.21-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Apr 2005 07:41:29 +0000
From: Ralf Hildebrandt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: postgrey: remotely exploitable DoS vulnerability
Date: Fri, 15 Apr 2005 09:41:33 +0200

Package: postgrey
Version: 1.18-2
Severity: critical
Justification: breaks the whole system

Postgrey 1.21 was released due to a remotely exploitable DoS
vulnerability:

Changes
-------

* 2005-04-14: version 1.21

  Security: this release fixes a remotely exploitable DoS vulnerability.

  - fix crash with '%' in sender addresses (Stefan Schmidt)
  - fix other users of unchecked strings with syslog/printf (Peter Bieringer)
  - run in tainted mode -T (Peter Bieringer)

  (version 1.19 and 1.20 were released on the same day with the above fixes)

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11ac6
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages postgrey depends on:
ii  debconf             1.4.30.11  Debian configuration management sy
ii  libberkeleydb-perl  0.26-3     use Berkeley DB 4 databases from P
ii  libnet-dns-perl     0.48-1     Perform DNS queries from a Perl sc
ii  libnet-server-perl  0.87-3     An extensible, general perl server
ii  perl                5.8.4-8    Larry Wall's Practical Extraction
ii  ucf                 1.17       Update Configuration File: preserv

-- debconf information:
  postgrey/1.13-5_move-db:
  postgrey/1.14-1_lookup-by-subnet:
* postgrey/1.13-5_old-config:

---------------------------------------
Received: (at 304749-close) by bugs.debian.org; 16 Apr 2005 11:23:28 +0000
From: Adrian von Bidder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#304749: fixed in postgrey 1.21-1
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 16 Apr 2005 07:17:16 -0400

Source: postgrey
Source-Version: 1.21-1

We believe that the bug you reported is fixed in the latest version of
postgrey, which is due to be installed in the Debian FTP archive:

postgrey_1.21-1.diff.gz
  to pool/main/p/postgrey/postgrey_1.21-1.diff.gz
postgrey_1.21-1.dsc
  to pool/main/p/postgrey/postgrey_1.21-1.dsc
postgrey_1.21-1_all.deb
  to pool/main/p/postgrey/postgrey_1.21-1_all.deb
postgrey_1.21.orig.tar.gz
  to pool/main/p/postgrey/postgrey_1.21.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian von Bidder <[EMAIL PROTECTED]> (supplier of updated postgrey package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 16 Apr 2005 11:46:26 +0200
Source: postgrey
Binary: postgrey
Architecture: source all
Version: 1.21-1
Distribution: unstable
Urgency: high
Maintainer: Adrian von Bidder <[EMAIL PROTECTED]>
Changed-By: Adrian von Bidder <[EMAIL PROTECTED]>
Description:
 postgrey - greylisting implementation for Postfix
Closes: 303943 304749
Changes:
 postgrey (1.21-1) unstable; urgency=high
 .
   * New upstream version
     - SECURITY: fixes remote DoS vulnerability (closes: #304749)
       <http://lists.ee.ethz.ch/postgrey/msg00647.html>
     - Typo in manpage (closes: #303943)
   * New maintainer email.
   * log '%' as '%' <http://lists.ee.ethz.ch/postgrey/msg00653.html>
Files:
 dd9a92a0108094dccb8ee13c8b3580f5 624 mail optional postgrey_1.21-1.dsc
 1274e073be5178445e0892a9dcc6fe98 25934 mail optional postgrey_1.21.orig.tar.gz
 21ce5b5a068a01a412542acc0cb0b11c 12072 mail optional postgrey_1.21-1.diff.gz
 48f882e6da7e1e51b601e5abe5c95ff7 41824 mail optional postgrey_1.21-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iEYEARECAAYFAkJg8RYACgkQIgvIgzMMSnXgFACdGFejORHtxRSjx9sqGxmnsdaF
bRUAn0P9DOzdAf6aPuqrVaGnkIK+eYQS
=DFBu
-----END PGP SIGNATURE-----
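
The upstream changelog quoted above names the bug class: unchecked strings reaching syslog/printf, triggered by '%' in a sender address. The Perl sketch below is an added example, not postgrey's code and not part of the original messages; log_line is a hypothetical stand-in for a printf-style logger, and the sender address is constructed sample input.

```perl
#!/usr/bin/perl
# Added example (not postgrey's code): an untrusted SMTP sender address
# handled by a printf-style logger, unsafe form beside the hardened forms.
use strict;
use warnings;

# Hypothetical logger. Like Sys::Syslog's syslog(), which takes a format
# after the priority, it passes its first argument to sprintf as a format.
sub log_line {
    my ($format, @args) = @_;
    return sprintf($format, @args);
}

# Unsafe: the sender is interpolated into the format string itself, so any
# '%' supplied by the remote client is parsed as a conversion specifier.
sub log_unsafe {
    my ($sender) = @_;
    return log_line("greylisted sender=<$sender>");
}

# Hardened: constant format, untrusted value passed only as data.
sub log_safe {
    my ($sender) = @_;
    return log_line('greylisted sender=<%s>', $sender);
}

# Alternative for logging APIs that accept only one pre-built string:
# double every '%' so sprintf emits it literally.
sub escape_percent {
    my ($s) = @_;
    $s =~ s/%/%%/g;
    return $s;
}

# Constructed sample input: a sender address carrying conversion specifiers.
my $sender = 'user%s%d@example.org';

# The unsafe call consumes the specifiers (perl also warns about missing
# arguments on STDERR); both hardened calls log the address verbatim.
print "unsafe:  ", log_unsafe($sender), "\n";
print "safe:    ", log_safe($sender), "\n";
print "escaped: ",
    log_line('greylisted sender=<' . escape_percent($sender) . '>'), "\n";
```

The changelog's third fix, running under `-T`, complements this: taint mode makes perl refuse to use unvalidated external input in operations such as shell commands and file opens, but it does not by itself stop a tainted string from being used as a format, so the constant-format rule is still needed.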