Your message dated Fri, 22 Aug 2008 21:33:45 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494969: fixed in sympa 5.3.4-5.1
has caused the Debian Bug report #494969,
regarding sympa: Leftover debug code may lead to data loss
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
494969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: sympa
Version: 5.2.3-1.2+etch1
Severity: critical
Justification: causes serious data loss
Tags: security
Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa
leads to potential data loss due to symlink attacks (I think) :
In wwsympa.fcgi :
open TMP, ">/tmp/dump";
$document->dump(\*TMP);
close TMP;
open TMP, ">/tmp/dump2";
&tools::dump_var ($param, 0, \*TMP);
close TMP;
I'm not completely sure this may be called nor when, but if it may, then better
not have /tmp/dump linked to something the CGI could write to.
In any case, such code seems like debug to me, so should be removed I guess (to
be notified upstream, too).
Code in sympa.pl about --make_alias_file option may exhibit a similar
vulnerability too, although that may not be invoked unless under admin control
with a more or less changing filename... so may need more testing and analysis
on that second one.
Source : http://uvw.ru/report.lenny.txt,
http://lists.debian.org/debian-devel/2008/08/msg00312.html
Hope this helps,
-- System Information:
Debian Release: lenny/sid
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-openvz-24-004.1d1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sympa depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii exim4-daemon-light [mail-tra 4.69-6 lightweight Exim MTA (v4) daemon
pn libarchive-zip-perl <none> (no description available)
ii libc6 2.7-13 GNU C Library: Shared libraries
pn libcgi-fast-perl <none> (no description available)
pn libcrypt-ciphersaber-perl <none> (no description available)
pn libdbd-mysql-perl | libdbd-p <none> (no description available)
ii libdbi-perl 1.605-1 Perl5 database interface by Tim Bu
ii libfcgi-perl 0.67-2.1+b1 FastCGI Perl module
ii libintl-perl 1.16-4 Uniforum message translations syst
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmailtools-perl 2.03-1 Manipulate email in perl programs
pn libmd5-perl <none> (no description available)
ii libmime-perl 5.427-1 transitional dummy package
ii libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m
pn libmsgcat-perl <none> (no description available)
pn libnet-ldap-perl <none> (no description available)
pn libtemplate-perl <none> (no description available)
ii libxml-libxml-perl 1.66-1+b1 Perl module for using the GNOME li
pn mhonarc <none> (no description available)
ii perl [libmime-base64-perl] 5.10.0-11.1 Larry Wall's Practical Extraction
pn perl-suid <none> (no description available)
ii sysklogd [system-log-daemon] 1.5-5 System Logging Daemon
Versions of packages sympa recommends:
ii doc-base 0.8.16 utilities to manage online documen
ii logrotate 3.7.1-3 Log rotation utility
Versions of packages sympa suggests:
ii apache2-mpm-prefork [httpd] 2.2.9-6 Apache HTTP Server - traditional n
pn libapache-mod-fastcgi <none> (no description available)
pn mysql-server | postgresql <none> (no description available)
ii openssl 0.9.8g-12 Secure Socket Layer (SSL) binary a
--
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
--- End Message ---
--- Begin Message ---
Source: sympa
Source-Version: 5.3.4-5.1
We believe that the bug you reported is fixed in the latest version of
sympa, which is due to be installed in the Debian FTP archive:
sympa_5.3.4-5.1.diff.gz
to pool/main/s/sympa/sympa_5.3.4-5.1.diff.gz
sympa_5.3.4-5.1.dsc
to pool/main/s/sympa/sympa_5.3.4-5.1.dsc
sympa_5.3.4-5.1_i386.deb
to pool/main/s/sympa/sympa_5.3.4-5.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[EMAIL PROTECTED]> (supplier of updated sympa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 21 Aug 2008 15:10:38 +0200
Source: sympa
Binary: sympa
Architecture: source i386
Version: 5.3.4-5.1
Distribution: unstable
Urgency: low
Maintainer: Stefan Hornburg (Racke) <[EMAIL PROTECTED]>
Changed-By: Christian Perrier <[EMAIL PROTECTED]>
Description:
sympa - Modern mailing list manager
Closes: 411983 473655 480987 491959 494969 495087 495572 495588 495723
Changes:
sympa (5.3.4-5.1) unstable; urgency=low
.
* Non-maintainer upload.
* Bug fix: "(re)configuring sympa won't define soap_url to non-fixed
value", this time for good, hopefully (Closes: #411983).
* Fix insecure files creation in /tmp, backporting upstream fix
(Closes: #494969)
* Remove extra space in debconf templates. Translations unfuzzied
Closes: #473655
* Fix pending l10n issues
* Debconf translations:
- Galician. Closes: #480987
- Swedish. Closes: #491959
- Czech. Closes: #495087
- Russian. Closes: #495572
- Basque. Closes: #495588
- Brazilian Portuguese. Closes: #495723
* [Lintian] Change Depends from obsolete libmime-perl to libmime-tools-perl
* [Lintian] Change "can can handle" to "can handle" in package description
* [Lintian] Set debhelper compatibility level through debian/compat
Checksums-Sha1:
8929161d91d762275667f023a39d973e8b841506 992 sympa_5.3.4-5.1.dsc
ad4ce1634cdf724239779d30b3b9f20f2cd43d8c 111988 sympa_5.3.4-5.1.diff.gz
feb7903256b59eba9a288c6fa347979a0feb4b24 3096090 sympa_5.3.4-5.1_i386.deb
Checksums-Sha256:
e3838ff4f8d26c6bd46c67480be6334378307724452312e3f288d29cd24c898e 992
sympa_5.3.4-5.1.dsc
0a4bbf66a4534bb4ee06711aa4c07f8ef87fd9977e223aa789684628b669b98e 111988
sympa_5.3.4-5.1.diff.gz
1d78ce6209cbd1ea5d5a85d0202fcc9994685a51d78e3386a5b2223a7862f593 3096090
sympa_5.3.4-5.1_i386.deb
Files:
ded2d701a669009dc3be1c986f5dd7f4 992 mail optional sympa_5.3.4-5.1.dsc
227ee7719fc97d87086a161f729a8631 111988 mail optional sympa_5.3.4-5.1.diff.gz
707a274a6d2ace5defa682474044e153 3096090 mail optional sympa_5.3.4-5.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkitpeEACgkQ1OXtrMAUPS2zqwCgs+Bg5vFDS1aEBkwQSuOfnPbi
KDsAoIhnSOxZDI8Q20YoZH5f39iAUwTr
=aVtD
-----END PGP SIGNATURE-----
--- End Message ---