-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 22 Feb 2015 09:27:51 +1030
Source: dovecot-antispam
Binary: dovecot-antispam
Architecture: source amd64
Version: 2.0+20130912-2
Distribution: unstable
Urgency: medium
Maintainer: Ron Lee <r...@debian.org>
Changed-By: Ron Lee <r...@debian.org>
Description:
 dovecot-antispam - Dovecot plugins for training spam filters
Changes:
 dovecot-antispam (2.0+20130912-2) unstable; urgency=medium
 .
   * Use the correct argc for pipe.ham_args
 .
   This fixes a typo bug, where if the number of arguments set for
   antispam_pipe_program_spam_arg is not the same as what was set for
   antispam_pipe_program_notspam_arg, then we'll either scribble past the
   end of the allocated argv array, or populate it with pointers to
   whatever followed the real ham_args.
 .
   Thanks to Peter Colberg who reported this, including a correct patch to
   fix it, to the security team. The security implications of this seem
   somewhat limited, since you need to edit a config file as root to create
   the bad situation, and there is no path for remote injection of crafted
   data (whether it overflows or underflows) if you do, the argv array will
   just get some 'random' extra pointers to existing internal data.
 .
   However it does pose a potential problem for a legitimate user who does
   legitimately need or want to pass a different number of arguments for
   the spam and ham cases, since that could crash dovecot, or confuse the
   hell out of their pipe program when it gets some random extra arguments.
   It's probably gone unnoticed for this long because most uses will pass
   the same number of arguments for both of them, but that's not a
   necessary condition in the general case.
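The count mismatch described in the changelog above, as an added C illustration that is not the dovecot-antispam source: it shows a ham argument count mistakenly taken from the spam vector, the corrected form, and an argv builder that rejects a count that disagrees with the vector. The struct, field and function names and the sample arguments are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for the plugin's pipe settings (names are assumptions). */
struct pipe_cfg {
    const char **spam_args; size_t spam_argc;  /* NULL-terminated vector + count */
    const char **ham_args;  size_t ham_argc;
};

/* Length of a NULL-terminated argument vector. */
static size_t vec_len(const char **v) {
    size_t n = 0;
    while (v && v[n]) n++;
    return n;
}

/* The kind of typo the changelog describes: ham count taken from the spam vector. */
void set_counts_buggy(struct pipe_cfg *c) {
    c->spam_argc = vec_len(c->spam_args);
    c->ham_argc  = vec_len(c->spam_args);      /* wrong vector */
}

/* Corrected: each count comes from its own vector. */
void set_counts_fixed(struct pipe_cfg *c) {
    c->spam_argc = vec_len(c->spam_args);
    c->ham_argc  = vec_len(c->ham_args);
}

/* Build { program, args..., NULL }. Returns NULL when the stored count
 * disagrees with the vector's real length, so a bad count never drives the
 * copy loop past the end of args. Caller frees the result. */
const char **build_argv(const char *program, const char **args, size_t argc) {
    if (!program || vec_len(args) != argc) return NULL;
    const char **argv = calloc(argc + 2, sizeof *argv);
    if (!argv) return NULL;
    argv[0] = program;
    for (size_t i = 0; i < argc; i++) argv[i + 1] = args[i];
    return argv;                               /* calloc left the last slot NULL */
}

int main(void) {
    /* Constructed sample: two spam arguments, one ham argument. */
    const char *spam[] = { "--spam", "--train", NULL }, *ham[] = { "--ham", NULL };
    struct pipe_cfg c = { spam, 0, ham, 0 };
    set_counts_buggy(&c);
    const char **bad = build_argv("/bin/true", c.ham_args, c.ham_argc);
    printf("buggy: ham_argc=%zu, argv %s\n", c.ham_argc, bad ? "built" : "rejected");
    set_counts_fixed(&c);
    const char **ok = build_argv("/bin/true", c.ham_args, c.ham_argc);
    printf("fixed: ham_argc=%zu, argv %s\n", c.ham_argc, ok ? "built" : "rejected");
    free(bad); free(ok);
    return 0;
}
```

With equal argument counts for spam and ham the two count functions agree, which matches the changelog's remark on why the bug went unnoticed.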