Bug#748918: postgrey fails to start

2014-05-22 Thread Geoff Crompton
Package: postgrey
Version: 1.34-1.1
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

A fresh install of postgrey on two Wheezy machines fails to start. Much like
was the case in debian bug #722136, starting the postgrey daemon on the
command line reveals the same failure mode:

$ sudo postgrey --inet 10023
2014/05/22-19:09:07 postgrey (type Net::Server::Multiplex) starting! pid(15633)
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Insecure dependency in bind while running with -T switch at /usr/lib/perl/5.14/IO/Socket.pm line 202.

Applying the same patch,
https://github.com/yasuhirokimura/postgrey/commit/9673b54064691a5b9c295ffea340d8a1f9ee1cb8,
fixes this problem for me.

I wonder if the changes introduced with perl-base 5.14.2-21+deb7u1
created the problem, but I haven't found a perl-base 5.14.2-21 package
to install to see if the problem goes away.

-- System Information:
Debian Release: 7.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages postgrey depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  libberkeleydb-perl     0.51-1
ii  libnet-dns-perl        0.66-2+b2
ii  libnet-server-perl     2.006-1+deb7u1
ii  perl                   5.14.2-21+deb7u1
ii  ucf                    3.0025+nmu3

Versions of packages postgrey recommends:
ii  libnet-rblclient-perl  0.5-2
ii  libparse-syslog-perl   1.10-2
ii  postfix                2.9.6-2

postgrey suggests no packages.

-- debconf information:
  postgrey/1.32-3_changeport:


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#703468: linux-image-3.2.0-4-amd64 fails to boot on apple iMac

2013-03-19 Thread Geoff Crompton

Package: src:linux
Version: 3.2.39-2
Severity: grave

Dear Maintainer,

I upgraded to the 3.2.39-2 package last night, and this morning my 
system wouldn't boot. I used Marco's advice in #551798 to set 
init=/bin/bash, and found the boot stopped after running /etc/rcS.d/S02udev.


Sometimes there would be a screen full of kernel messages, that ended in 
a message like:


fb: conflicting fb hw usage radeondrmfb vs EFI VGA - removing generic driver

Sorry I can't provide more details, I didn't take a photo of the screen.

Using my init=/bin/bash shell I downgraded the kernel package to the 
3.2.35-2 package (which was what I was running prior to yesterday's 
upgrade), and my system booted successfully.


The attached linux-image-reportbugoutput file was generated by running:

$ reportbug -q --template -T none -s none -S normal -b --list-cc none -q linux-image-3.2.0-4-amd64 > ~/tmp/linux-image-reportbugoutput


Please note that this reportbug run was while running on the 3.2.35-2 
package of the kernel, so some of the details will be misleading.
Include network configuration and status from this computer? 
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Geoff Crompton 
To: Debian Bug Tracking System 
Subject: linux-image-3.2.0-4-amd64: none
X-Debbugs-Cc: none

Package: src:linux
Version: 3.2.35-2
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- Package-specific info:
** Version:
Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 
(Debian 4.6.3-14) ) #1 SMP Debian 3.2.35-2

** Command line:
BOOT_IMAGE=/vmlinuz-3.2.0-4-amd64 
root=UUID=7de8ea19-10bf-4b66-a1e3-a14e6ac34d80 ro quiet

** Not tainted

** Kernel log:
[   11.154250] ATOM BIOS: Apple
[   11.154260] [drm] GPU not posted. posting now...
[   11.172389] radeon :01:00.0: VRAM: 512M 0x - 
0x1FFF (512M used)
[   11.172391] radeon :01:00.0: GTT: 512M 0x2000 - 
0x3FFF
[   11.174594] [drm] Detected VRAM RAM=512M, BAR=256M
[   11.174596] [drm] RAM width 128bits DDR
[   11.174675] [TTM] Zone  kernel: Available graphics memory: 2019148 kiB.
[   11.174677] [TTM] Initializing pool allocator.
[   11.174711] [drm] radeon: 512M of VRAM memory ready
[   11.174713] [drm] radeon: 512M of GTT memory ready.
[   11.174726] [drm] Supports vblank timestamp caching Rev 1 (10.10.2010).
[   11.174727] [drm] Driver supports precise vblank timestamp query.
[   11.174765] radeon :01:00.0: irq 50 for MSI/MSI-X
[   11.174770] radeon :01:00.0: radeon: using MSI.
[   11.174814] [drm] radeon: irq initialized.
[   11.174817] [drm] GART: num cpu pages 131072, num gpu pages 131072
[   11.175157] [drm] Loading TURKS Microcode
[   11.264106] Bluetooth: Generic Bluetooth USB driver ver 0.6
[   11.264325] usbcore: registered new interface driver btusb
[   11.338630] platform radeon_cp.0: firmware: agent loaded 
radeon/TURKS_pfp.bin into memory
[   11.526432] platform radeon_cp.0: firmware: agent loaded radeon/TURKS_me.bin 
into memory
[   11.612326] platform radeon_cp.0: firmware: agent loaded radeon/BTC_rlc.bin 
into memory
[   11.662351] platform radeon_cp.0: firmware: agent loaded radeon/TURKS_mc.bin 
into memory
[   11.665046] [drm] PCIE GART of 512M enabled (table at 0x0004).
[   11.665170] radeon :01:00.0: WB enabled
[   11.681439] [drm] ring test succeeded in 2 usecs
[   11.681532] [drm] radeon: ib pool ready.
[   11.681635] [drm] ib test succeeded in 0 usecs
[   11.683096] [drm] Radeon Display Connectors
[   11.683097] [drm] Connector 0:
[   11.683098] [drm]   eDP
[   11.683099] [drm]   HPD3
[   11.683101] [drm]   DDC: 0x6450 0x6450 0x6454 0x6454 0x6458 0x6458 0x645c 
0x645c
[   11.683102] [drm]   Encoders:
[   11.683104] [drm] LCD1: INTERNAL_UNIPHY2
[   11.683105] [drm] Connector 1:
[   11.683106] [drm]   DisplayPort
[   11.683107] [drm]   HPD1
[   11.683108] [drm]   DDC: 0x6430 0x6430 0x6434 0x6434 0x6438 0x6438 0x643c 
0x643c
[   11.683109] [drm]   Encoders:
[   11.683110] [drm] DFP1: INTERNAL_UNIPHY1
[   11.683112] [drm] Connector 2:
[   11.683112] [drm]   DisplayPort
[   11.683113] [drm]   HPD2
[   11.683115] [drm]   DDC: 0x6440 0x6440 0x6444 0x6444 0x6448 0x6448 0x644c 
0x644c
[   11.683116] [drm]   Encoders:
[   11.683117] [drm] DFP2: INTERNAL_UNIPHY1
[   11.683118] [drm] Connector 3:
[   11.683119] [drm]   DisplayPort
[   11.683120] [drm]   HPD5
[   11.683121] [drm]   DDC: 0x6460 0x6460 0x6464 0x6464 0x6468 0x6468 0x646c 
0x646c
[   11.683123] [drm]   Encoders:
[   11.683124] [drm] DFP3: INTERNAL_UNIPHY2
[   11.683125] [drm] Connector 4:
[   11.683126] [drm]

Bug#594615: error while flashing on Harmony 525 remote

2010-10-01 Thread Geoff Crompton
This is a me too. I've got a Harmony 525 remote, and I have the same
problems as the original bug reporter.

I also found that the 0.21-5 packages from snapshots.debian.org worked.

This seems to have been reported upstream:

http://sourceforge.net/tracker/?func=detail&aid=3071382&group_id=201579&atid=978127

There is a new upstream release, 0.23, but according to the upstream
bug report, it doesn't fix this bug.

Cheers,
Geoff Crompton






Bug#567618: makes my system unbootable

2010-01-31 Thread Geoff Crompton
I've had this problem as well, and my laptop then failed to boot. When I 
attempt to boot grub is launched by the bios, and I see:



GRUB loading.
Welcome to GRUB!

error: the symbol 'grub_env_find' not found.
Entering rescue mode...
grub rescue>



Please consider upgrading the severity of this bug to critical.

The grub manual http://grub.enbug.org/Manual suggests that from the 
grub-rescue prompt I should be able to load the normal module:

 insmod /boot/grub/normal.mod
But this doesn't work:

grub rescue> insmod /grub/normal.mod
error: the symbol 'grub_env_find' not found.
grub rescue>



I managed to recover my system by using the squeeze versions of grub-pc 
and grub-common. I achieved this by:

 * rebooting with a usb stick configured with the squeeze installer,
 * mounting the laptop drives
 * chrooting into the filesystem
 * downloading the squeeze grub-pc and grub-common packages (version 1.98~20100115-1)
 * installing them
 * bind mounting /dev and /proc into the chroot
 * running upgrade-grub and grub-install '(hd0)' (I suspect if I'd already mounted /dev and /proc when installing the packages I wouldn't have had to do that separately).


--
Geoff Crompton






Bug#378070: CVE-2006-3403: Memory exhaustion DoS against smbd

2006-07-12 Thread Geoff Crompton
Package: samba
Version: 3.0.14a-3sarge1
Severity: grave

Samba have announced http://www.samba.org/samba/security/CAN-2006-3403.html,
and have a patch available. It affects all samba configurations, hence I
consider this grave.
I wouldn't be surprised if the security team is already aware of this.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages samba depends on:
ii  debconf [debconf-2.0] 1.4.30.13          Debian configuration management sy
ii  libacl1               2.2.23-1           Access control list shared library
ii  libc6                 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii  libcomerr2            1.37-2sarge1       common error description library
ii  libcupsys2-gnutls10   1.1.23-10sarge1    Common UNIX Printing System(tm) -
ii  libkrb53              1.3.6-2sarge2      MIT Kerberos runtime libraries
ii  libldap2              2.1.30-8           OpenLDAP libraries
ii  libpam-modules        0.76-22            Pluggable Authentication Modules f
ii  libpam-runtime        0.76-22            Runtime support for the PAM librar
ii  libpam0g              0.76-22            Pluggable Authentication Modules l
ii  logrotate             3.7-5              Log rotation utility
ii  netbase               4.21               Basic TCP/IP networking system
ii  samba-common          3.0.14a-3sarge1    Samba common files used by both th

-- debconf information excluded





Bug#364842: dnsmasq: bid 17662: broadcast reply DoS

2006-04-25 Thread Geoff Crompton
Package: dnsmasq
Version: 2.22-2
Severity: grave
Justification: user security hole

According to securityfocus dnsmasq will crash if it gets a broadcast reply
packet:
http://www.securityfocus.com/bid/17662

This DoS affects sarge. Any idea if a DSA is in the works?

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages dnsmasq depends on:
ii  libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii  netbase   4.21   Basic TCP/IP networking system





Bug#350964: CVE-2006-0225, scponly shell command possible

2006-03-27 Thread Geoff Crompton
Just like to bring bug #350964 back to the limelight. Briefly recapping

Feb 2, I created the bug report
Feb 6, unstable fixed by Thomas
Feb 13 DSA 969-1 released
Feb 15 I questioned if sarge fixed, Thomas, Joey and Steve respond/discuss.

At the moment it looks like Thomas is suggesting that DSA 969 didn't fix
this bug, but did fix another bug, the CVE mentioned in the DSA.

I don't know if Thomas is saying this based on the text of the DSA, or
if he compared the actual package to the patch he suggested. It would be
great to get confirmation that either the DSA did fix this bug, or that
another DSA might be needed.

Cheers

Thomas Wana wrote:
> Steve Kemp wrote:
> 
>>On Wed, Feb 15, 2006 at 02:01:51PM +1100, Geoff Crompton wrote:
>>
>>
>>
>>>This bug has been closed for unstable (see bug 350964) with the 4.6
>>>upload, but will it be fixed for sarge?
>>
>>
>>  Please see DSA-969-1 released two days ago:
>>
>>http://www.us.debian.org/security/2006/dsa-969
>>
>>  Sarge is fixed.
> 
> 
> No, this is about Bug #350964, not Bug #344418 (which is fixed in
> Sarge).


-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#352182: was this closed with DSA 985-1

2006-03-27 Thread Geoff Crompton
Hi, did DSA 985-1 close this?

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#327139: apache-perl purge ate /etc/apache

2006-03-26 Thread Geoff Crompton
Adam Conrad wrote:
> Geoff Crompton wrote:
> 
>>Do you have any recommendations on how to safely purge apache-perl? I
>>thought it'd be good to have it documented in this bug report, for
>>future people that might stumble across this.
>>
>> * manually edit files in /var/lib/dpkg/info to remove references to
>>things belonging to apache, then purge
> 
> 
> This one's probably your best bet.
> /var/lib/dpkg/info/apache-perl.{prerm,postrm} may both be executed on
> purge, depending on the current state of the package, and how those
> scripts are written.  Dissecting them to remove whatever offending bits
> they may have shouldn't be too hard.
> 
> ... Adam
> 

There is also /var/lib/dpkg/info/apache-perl.list, with the line
"/etc/apache". Does dpkg use this file to remove stuff? Or is everything
to be removed expressed in the apache-perl.*rm scripts?

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#327139: apache-perl purge ate /etc/apache

2006-03-23 Thread Geoff Crompton
Adam Conrad wrote:
> Geoff Crompton wrote:
> 
>>ii  apache 1.3.33-6sarge1 versatile, high-performance HTTP server
>>pc  apache-perl 1.3.9-13.1-1.2 Versatile, high-performance HTTP
> 
> 
> There's nothing I can do to fix the potato (!) version of apache-perl at
> this point.
> 
> ... Adam


That's an excellent point, one which occurred to me after I sent my bug
report through.

Do you have any recommendations on how to safely purge apache-perl? I
thought it'd be good to have it documented in this bug report, for
future people that might stumble across this.

Strategies that I thought might work (but don't want to test on the
client's system) were:

 * install newest version of apache-perl, then purge it (don't know if
that will trigger the old apache-perl postrm)
 * manually edit files in /var/lib/dpkg/info to remove references to
things belonging to apache, then purge
 * manually purge it by removing files in /var/lib/dpkg/info

However in each of these cases, I'm not sure of the specifics, i.e. what
would need to be removed for the third option, or what changes will make
purging safe in the second option.

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#327139: apache-perl purge ate /etc/apache

2006-03-23 Thread Geoff Crompton
This just happened to me as well. It is currently reproducible, in that
after I'd restored /etc/apache from backup, I tried it again, and it
occurred again.
It's a client's server, so I'm not keen on repeating this process though.
You can see below I've done some investigating about what's going on.

[EMAIL PROTECTED]:/etc# dpkg -l apache apache-perl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  apache         1.3.33-6sarge1 versatile, high-performance HTTP server
pc  apache-perl    1.3.9-13.1-1.2 Versatile, high-performance HTTP server with

[EMAIL PROTECTED]:/etc# ls -1 apache
access.conf
conf
conf.d
httpd.conf
httpd.conf.0
mime.types
modules.conf
srm.conf
ssl.crl
ssl.crt
ssl.csr
ssl.key
ssl.prm

[EMAIL PROTECTED]:/etc# sudo aptitude purge apache-perl
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
The following packages will be REMOVED:
  apache-perl
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Do you want to continue? [Y/n/?]
Writing extended state information... Done
(Reading database ... 43883 files and directories currently installed.)
Removing apache-perl ...
Purging configuration files for apache-perl ...
Website at /var/www has NOT been deleted.
update-rc.d: /etc/init.d/apache exists during rc.d purge (use -f to force)
dpkg: error processing apache-perl (--purge):
 subprocess post-removal script returned error exit status 1
Errors were encountered while processing:
 apache-perl
E: Sub-process /usr/bin/dpkg returned an error code (1)
Ack!  Something bad happened while installing packages.  Trying to recover:
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done

[EMAIL PROTECTED]:/etc# ls apache
ls: apache: No such file or directory

[EMAIL PROTECTED]:/etc# dpkg -l apache apache-perl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  apache         1.3.33-6sarge1 versatile, high-performance HTTP server
pc  apache-perl    1.3.9-13.1-1.2 Versatile, high-performance HTTP server with


[EMAIL PROTECTED]:/etc# cd /var/lib/dpkg/info/

[EMAIL PROTECTED]:/var/lib/dpkg/info# cat apache-perl.list
/etc/apache

[EMAIL PROTECTED]:/var/lib/dpkg/info# cat apache-perl.postrm
#! /bin/sh
# postrm script for apache
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#*  `remove'
#*  `purge'
#*  `upgrade' 
#*  `failed-upgrade' 
#*  `abort-install'
#*  `abort-install' 
#*  `abort-upgrade' 
#*  `disappear' overwrit>r> 
# for details, see /usr/doc/packaging-manual/

if [ "$1" = "purge" ]
then
    rm -rf /var/lib/apache
    rm -rf /var/log/apache
    rm -rf /var/run/apache
    rm -rf /var/run/apache_runtime_status
    rm -rf /var/run/apache.status
    rm -rf /var/run/apache.scoreboard
    rm -rf /etc/apache

    if [ -e /var/www ]
    then
        echo Website at /var/www has NOT been deleted.
    fi
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

# Automatically added by dh_installinit
if [ "$1" = "purge" ] ; then
    update-rc.d apache remove >/dev/null
fi
# End automatically added section
# End automatically added section



-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
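
An added example (not part of the original message, and not dpkg's own code): a POSIX shell check for the failure shown in this report, a postrm whose recursive rm removes a path that another package's file list still claims. The directory layout mirrors /var/lib/dpkg/info; the function names and the sample apache.list contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag paths that a package's postrm deletes recursively
# while another package's <pkg>.list in the same info directory claims them.
# Only literal absolute paths on an "rm -r..." line are recognised;
# variables and globs in maintainer scripts are not expanded.

# Print every absolute path passed to a recursive rm in script $1.
rm_rf_targets() {
    sed -n 's/^[[:space:]]*rm[[:space:]][[:space:]]*-[A-Za-z]*[rR][A-Za-z]*[[:space:]][[:space:]]*//p' "$1" |
        tr ' \t' '\n\n' | grep '^/' | sed 's:\(.\)/*$:\1:' | sort -u
}

# Print the packages, other than $2, whose .list in info dir $1 names path $3.
other_owners() {
    for list in "$1"/*.list; do
        [ -f "$list" ] || continue
        pkg=$(basename "$list" .list)
        if [ "$pkg" != "$2" ] && grep -qxF -- "$3" "$list"; then
            echo "$pkg"
        fi
    done
}

# For package $2 in info dir $1, print "path<TAB>owner" for each recursive
# rm target of its postrm that another package's file list also claims.
audit_postrm() {
    script="$1/$2.postrm"
    [ -f "$script" ] || return 0
    rm_rf_targets "$script" | while IFS= read -r path; do
        for owner in $(other_owners "$1" "$2" "$path"); do
            printf '%s\t%s\n' "$path" "$owner"
        done
    done
}

# Constructed sample: apache is installed and claims /etc/apache and
# /var/log/apache (assumed list contents); the rm lines of the
# apache-perl postrm are taken from the script quoted in the report.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' /etc/apache /etc/apache/httpd.conf /var/log/apache \
        > "$dir/apache.list"
    printf '%s\n' /etc/apache > "$dir/apache-perl.list"
    cat > "$dir/apache-perl.postrm" <<'EOF'
#! /bin/sh
set -e
if [ "$1" = "purge" ]
then
    rm -rf /var/lib/apache
    rm -rf /var/log/apache
    rm -rf /var/run/apache
    rm -rf /etc/apache
fi
EOF
    echo "$dir"
}

sample=$(make_sample)
audit_postrm "$sample" apache-perl
rm -rf "$sample"
```

On a real system the first argument would be /var/lib/dpkg/info, and any line printed is a path to back up or remove from the postrm before purging.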





Bug#357173: firebird2: local buffer overflow, please upload 1.5.3

2006-03-15 Thread Geoff Crompton
Package: firebird2
Severity: grave
Justification: user security hole

Apparently firebird 1.5.3 fixes a buffer overflow. I saw it at
http://www.securityfocus.com/bid/17077. More details at
http://www.securityfocus.com/archive/1/427480

The researcher has a patch for the specific problem he found in 1.5.2, but he
recommends just upgrading to 1.5.3.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)





Bug#350964: CVE-2006-0225, scponly shell command possible

2006-02-14 Thread Geoff Crompton
This bug has been closed for unstable (see bug 350964) with the 4.6
upload, but will it be fixed for sarge?

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#323706: CAN-2005-2103, CAN-2005-2102, AIM/ICQ protocols vulnerability

2006-02-14 Thread Geoff Crompton
Just wondering if there will be a fix for this?

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#352902: CVE-2006-0481: PNG_Set_Strip_Alpha Buffer Overflow

2006-02-14 Thread Geoff Crompton
Package: libpng
Severity: grave
Justification: user security hole

As seen on http://www.securityfocus.com/bid/16626, there is a buffer overflow.

Redhat have a patch available at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455

However security focus lists versions 1.0.16, 1.0.17, 1.2.6, and 1.2.7 as
vulnerable, but I see we've got higher versions in sarge.
But I'm unsure if 1.2.8rel-1 is a pre-release version of 1.2.8, and hence
whether it will have this fix or not.





Bug#350964: CVE-2006-0225: shell command possible

2006-02-01 Thread Geoff Crompton
Package: scponly
Severity: grave
Justification: user security hole

As seen at http://www.securityfocus.com/bid/16369, there is a vulnerability
that allows arbitrary shell commands to be run.

More details at:
http://bugzilla.mindrot.org/show_bug.cgi?id=1094





Bug#340675: CVE-2005-3570: Cross site scripting vulnerability

2005-11-24 Thread Geoff Crompton
Package: horde2
Severity: grave
Justification: user security hole


Security focus http://www.securityfocus.com/bid/15409 reports an
unspecified problem with Horde.

Horde at http://www.securityfocus.com/advisories/9756 describes:
>By enticing a user to read a specially-crafted e-mail or using a
>manipulated URL, an attacker can execute arbitrary scripts running in
>the context of the victim's browser. This could lead to a compromise of
>the user's browser content.

They recommend using horde 2.2.9.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)





Bug#310690: sarge patch?

2005-11-21 Thread Geoff Crompton
Is sarge affected by this bug?

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#339526: spamassassin: CVE-2005-3351: Bus Error Spam Detection Bypass Vulnerability

2005-11-16 Thread Geoff Crompton
Package: spamassassin
Version: 3.0.3-1
Severity: grave
File: spamassassin

Security Focus is reporting a problem with spamassassin: 
http://www.securityfocus.com/bid/15373

In short, there is a perl regexp that crashes if spamassassin tries to
pass an email with thousands of addresses in it.

They refer to the spamassassin bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570

In that bugzilla entry someone suggested this patch:
http://issues.apache.org/SpamAssassin/attachment.cgi?id=3121

At the end of the bugzilla report it says that the fix was committed with 
331942.

--
Geoff Crompton





Bug#334621: mozilla-thunderbird: SMTP down negotiation weakness

2005-10-18 Thread Geoff Crompton
Package: mozilla-thunderbird
Version: 1.0.2-2.sarge1.0.6
Severity: grave
Justification: user security hole

Thunderbird reverts to plain authentication for SMTP, in order to
provide more compatibility for SMTP servers that don't support crypt
auth. However no warning is given to the user, and there is no way to
override this behaviour, so it is very easy for users' passwords to be
sent in clear text.

This is in Mozilla's bugzilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=311657

It seems that at the moment upstream isn't too concerned about it. But
it sure as heck alarms me.

Researcher who discovered it has this page:
http://www.henlich.de/moz-smtp/

I first saw it mentioned on Security Focus:
http://www.securityfocus.com/bid/15106





Bug#324617: mozilla-firefox: history window segfaults

2005-09-01 Thread Geoff Crompton
I can confirm that 1.0.4-2sarge3 fixes the history crashing bug for me.
Thanks!

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#324617: mozilla-firefox: side-bar segfaults

2005-08-29 Thread Geoff Crompton
Chad Walstrom wrote:
> Package: mozilla-firefox
> Version: 1.0.4-2sarge2
> 
> I've also gotten mozilla to reliably crash when trying to view the
> sidebar, regardless if it's history or bookmarks.  I removed
> mozilla-tabextensions (1.14.2005040701-1) and it quit crashing.  So,
> this bug should probably be refiled against mozilla-tabextensions.
> 
> Test it to make certain, though.
> 

I don't have mozilla-tabextensions installed. I do have web developer
0.8 installed though. However I've just uninstalled web developer and
restarted, and trying to open the history still crashes the browser.

Cheers

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000





Bug#324617: mozilla-firefox: history window segfaults

2005-08-22 Thread Geoff Crompton
Package: mozilla-firefox
Version: 1.0.4-2sarge2
Severity: grave
Justification: renders package unusable

firefox 1.0.4-2sarge2 segfaults when I try to open the history window,
either using the short cut key, or the menu to open it. It leaves behind
a core file that is 56M. 

Backtrace is:
(gdb) bt
#0  0x401a7852 in raise () from /lib/tls/libpthread.so.0
#1  0x08c1abfa in nsProfileLock::FatalSignalHandler ()
#2  
#3  0x4002a022 in JS_GetClass () from
/usr/lib/mozilla-firefox/libmozjs.so
#4  0x08463a54 in nsScriptSecurityManager::CheckObjectAccess ()
#5  0x4004a8a8 in js_ErrorFromException ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#6  0x4004b7a1 in js_ErrorToException ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#7  0x400349a0 in js_ContextIterator ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#8  0x40035109 in js_ReportErrorNumberVA ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#9  0x4002e66a in JS_ReportErrorNumber ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#10 0x4006b51d in js_ValueToNonNullObject ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#11 0x400583a6 in js_Interpret () from
/usr/lib/mozilla-firefox/libmozjs.so
#12 0x40052617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#13 0x400528f3 in js_InternalInvoke ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#14 0x40052a4e in js_InternalGetOrSet ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#15 0x40069365 in js_GetProperty () from
/usr/lib/mozilla-firefox/libmozjs.so
#16 0x08378497 in XPC_WN_JSOps_Shutdown ()
#17 0x4005836e in js_Interpret () from
/usr/lib/mozilla-firefox/libmozjs.so
#18 0x40052617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#19 0x400528f3 in js_InternalInvoke ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#20 0x4002debb in JS_CallFunctionValue ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#21 0x088c03cf in nsJSContext::CallEventHandler ()
#22 0x087863e6 in nsJSEventListener::SetEventName ()
#23 0x0872b760 in nsXBLPrototypeHandler::ExecuteHandler ()
#24 0x0872c50b in nsXBLPrototypeHandler::BindingAttached ()
#25 0x088ae722 in nsXBLBinding::InstallAnonymousContent ()
#26 0x0877d66a in nsEventReceiverSH::RegisterCompileHandler ()
#27 0x0836f267 in XPCWrappedNative::GetNewOrUsed ()
#28 0x08360432 in XPCConvert::NativeInterface2JSObject ()
#29 0x0835f631 in XPCConvert::NativeData2JS ()
#30 0x083726c7 in XPCWrappedNative::CallMethod ()
#31 0x08379701 in XPC_WN_CallMethod ()
#32 0x40052546 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#33 0x4005c5c9 in js_Interpret () from
/usr/lib/mozilla-firefox/libmozjs.so
#34 0x40052617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#35 0x4005c5c9 in js_Interpret () from
/usr/lib/mozilla-firefox/libmozjs.so
#36 0x40052617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#37 0x400528f3 in js_InternalInvoke ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#38 0x4002debb in JS_CallFunctionValue ()
   from /usr/lib/mozilla-firefox/libmozjs.so
#39 0x088c03cf in nsJSContext::CallEventHandler ()
#40 0x087863e6 in nsJSEventListener::SetEventName ()
#41 0x0872b760 in nsXBLPrototypeHandler::ExecuteHandler ()
#42 0x088b6871 in nsXBLWindowHandler::WalkHandlersInternal ()
#43 0x0872a609 in nsXBLWindowKeyHandler::EnsureHandlers ()
#44 0x0872a901 in nsXBLWindowKeyHandler::EnsureHandlers ()
#45 0x0869d379 in nsScriptEventManager::~nsScriptEventManager ()
#46 0x0869ff59 in nsEventListenerManager::HandleEventSubType ()
#47 0x08737ef4 in nsXULDocument::HandleDOMEvent ()
#48 0x087a790a in nsXULElement::HandleDOMEvent ()
#49 0x0858f529 in PresShell::HandleEventInternal ()
#50 0x0858ed91 in PresShell::RetargetEventToParent ()
#51 0x08754071 in nsViewManager::HandleEvent ()
#52 0x08753496 in nsViewManager::UpdateViews ()
#53 0x0874c1c8 in HandleNumbers ()
#54 0x0856adc9 in nsCommonWidget::DispatchResizeEvent ()
#55 0x0856432d in nsWindow::OnKeyPressEvent ()
#56 0x08568242 in nsWindow::DragInProgress ()
#57 0x08ff82f0 in ?? ()
#58 0x08fca538 in ?? ()
#59 0xbfffd368 in ?? ()
#60 0x40488e34 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#61 0x40488e34 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#62 0xbfffd388 in ?? ()
#63 0x402d299e in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
Previous frame inner to this frame (corrupt stack?)



-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages mozilla-firefox depends on:
ii  debianutils    2.8.4         Miscellaneous utilities specific t
ii  fontconfig     2.3.1-2       generic font configuration library
ii  libatk1.0-0    1.8.0-4       The ATK accessibility toolkit
ii  libc6          2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libfontconfig1 2.3.1-2       generic font configuration library
ii  libfreetype6   2.1.7-2.4     FreeType 2 font engine, shared lib
ii  libgcc1        1:3.4.

Bug#323706: gaim: CAN-2005-2103, CAN-2005-2102, AIM/ICQ protocols vulnerability

2005-08-17 Thread Geoff Crompton
Package: gaim
Version: 1:1.2.1-1.4
Severity: grave
Justification: user security hole

This info from http://www.securityfocus.com/bid/14531. Seems ubuntu have
released usn-168-1 to announce their fix:
http://www.ubuntulinux.org/support/documentation/usn/usn-168-1

CAN-2005-2102 is about an attacker crashing gaim by sending a file over
ICQ with a filename containing invalid UTF-8 characters.

CAN-2005-2103 is about a memory alignment problem in the Gadu library
for the Gadu protocol, of which Gaim has a copy.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages gaim depends on:
ii  gaim-data  1:1.2.1-1.4   multi-protocol instant messaging c





Bug#322273: [CAN-2005-2456]: XFRM array index buffer overflow

2005-08-09 Thread Geoff Crompton
Package: kernel-source-2.6.8
Version: 2.6.8-16
Severity: critical
Justification: root security hole

SecurityFocus http://www.securityfocus.com/bid/14477 mentions an array index
buffer overflow.
In short, they suspect it can cause a denial of service attack, but
aren't sure whether or not it allows code execution.

Balazs Scheidler says at
http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html:
"While reading through the xfrm code I've found a possible array
overflow in struct sock"

He goes on to suggest some patches. However the patch at
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
is in the xfrm_user file instead.
I suspect this second patch that was committed will work, and checks the
direction earlier in the code flow than the original email from Balazs in
the first link. The xfrm_user patch is:

--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_
if (nr > XFRM_MAX_DEPTH)
return NULL;
 
+   if (p->dir > XFRM_POLICY_OUT)
+   return NULL;
+
xp = xfrm_policy_alloc(GFP_KERNEL);
if (xp == NULL) {
*dir = -ENOBUFS;
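
Review bot: the added test checks only the upper bound (p->dir > XFRM_POLICY_OUT), which is complete only if p->dir is an unsigned type; the type is not visible in this hunk, so confirm it or add a lower-bound test as well. The new early return also leaves *dir untouched, whereas the allocation-failure path just below sets *dir = -ENOBUFS, so check that *dir already holds an error value before this point, otherwise the caller cannot tell why NULL came back.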


On another note, when I'm looking at bugs like this, and I haven't found
them in the bug tracking database, should I be putting them against just
kernel-source-2.6.8, or against kernel-source-2.6.11 as well, or is
there a generic kernel-source-2.6 package?


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils  2.15-6 The GNU assembler, linker and bina
ii  bzip2 1.0.2-7high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2The GNU core utilities

-- no debconf information





Bug#315115: sudo: This bug refers to CAN-2005-1993

2005-06-22 Thread Geoff Crompton
Package: sudo
Version: 1.6.8p7-1.1
Followup-For: Bug #315115

Just for information, this bug refers to CAN-2005-1993, and corresponds
to security focus BID 13993.





Bug#310803: bzip2: CAN-2005-1260 decompression bomb vulnerability

2005-05-25 Thread Geoff Crompton
Package: bzip2
Version: 1.0.2-6
Severity: critical
Justification: breaks the whole system

See http://www.securityfocus.com/bid/13657 for more info. Quoting from
MDKSA-2005:091
> A vulnerability was found where specially crafted bzip2 archives would
> cause an infinite loop in the decompressor, resulting in an
> indefinitely large output file (also known as a "decompression
> bomb").  This could be exploited to cause a Denial of Service attack
> on the host computer due to disk space exhaustion (CAN-2005-1260).

Ubuntu have released advisory USN-127-1. I had a look through the patch
that this cited, but I couldn't tell which parts of it were related to
this, which were related to CAN-2005-0953, and which were other mods.
I pulled this patch from
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-1ubuntu0.1.diff.gz

I've also not been able to find a diff between 1.0.2 and 1.0.3 from
upstream.

I've marked this RC as it can hose a system, but if others think the
likelihood of exploit is fairly small, I've no problems with it being
reclassified.

--
Geoff Crompton





Bug#305605: CAN-2005-0718: remote DoS from aborted connections

2005-04-20 Thread Geoff Crompton
Package: squid
Severity: grave
Justification: user security hole

More info at http://www.securityfocus.com/bid/13166, but in summary:

> A remote denial of service vulnerability affects the Squid Proxy.
> This issue is due to a failure of the application to properly handle
> exceptional network requests.  The problem presents itself when a
> remote attacker prematurely aborts a connection during a PUT or POST
> request.
> A remote attacker may leverage this issue to crash the affected Squid
> Proxy, denying service to legitimate users.

Vulnerable versions listed at that site say that 2.4.6 and 2.5.9 are
both vulnerable, suggesting that Woody, Sarge, Sid are all exposed.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)





Bug#305601: CAN-2005-0404: serious content spoofing vulnerability

2005-04-20 Thread Geoff Crompton
Package: kmail
Severity: grave
Justification: user security hole

For more information see:
http://www.securityfocus.com/bid/13085

In summary:
> A remote email message content spoofing vulnerability affects KDE
> KMail.  This issue is due to a failure of the application to properly
> sanitize HTML email messages.
> An attacker may leverage this issue to spoof email content and various
> header fields of email messages.  This may aid an attacker in
> conducting phishing and social engineering attacks by spoofing PGP
> keys as well as other critical information.

SecurityFocus lists 3.3.2 as vulnerable, which is currently in Sarge and
Sid. No idea if it would affect 2.2.2 which is in Woody.

See KDE bug 96020.

Workaround is to disable HTML email.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)





Bug#303501: CAN-2005-0750: Bluetooth root exploit due to boundary checking

2005-04-06 Thread Geoff Crompton
Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: critical
Justification: root security hole

USN-103-1 says this:
> Ilja van Sprundel discovered that the bluez_sock_create() function did
> not check its "protocol" argument for negative values. A local
> attacker could exploit this to execute arbitrary code with root
> privileges by creating a Bluetooth socket with a specially crafted
> protocol number. (CAN-2005-0750) 

It's fixed in 2.6.11.6, and the relevant diff can be seen at:
http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fincr%2Fpatch-2.6.11.5-6.bz2;z=6


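
The two kernel reports above (CAN-2005-2456, a direction value used as an array index, and CAN-2005-0750, a "protocol" argument not checked for negative values) share one pattern: a caller-supplied integer indexes a fixed-size table. The following is an added user-space model, not kernel code and not part of the original posts; the struct, function names and table sizes are hypothetical, and the direction field is assumed to be an unsigned 8-bit value.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; names and table sizes are illustrative assumptions. */
enum { POLICY_IN = 0, POLICY_OUT = 1, POLICY_SLOTS = 2 };
enum { PROTO_MAX = 8 };

struct model_sock { const char *policy[POLICY_SLOTS]; };

typedef int (*create_fn)(void);
static int create_proto0(void) { return 100; }
static create_fn proto_table[PROTO_MAX] = { create_proto0 };

/* Unsigned index (direction assumed to be a u8): an upper-bound test is
 * enough, mirroring "if (p->dir > XFRM_POLICY_OUT) return NULL;". */
int set_policy(struct model_sock *sk, uint8_t dir, const char *pol)
{
    if (dir > POLICY_OUT)
        return -EINVAL;          /* reject before the array is touched */
    sk->policy[dir] = pol;
    return 0;
}

/* Signed index: an upper-bound test alone passes negative values.
 * Returns 1 when such a check would let proto through to the table. */
int upper_bound_only_accepts(int proto)
{
    return proto < PROTO_MAX;
}

/* Both bounds checked before the table lookup. */
int sock_create_checked(int proto)
{
    if (proto < 0 || proto >= PROTO_MAX)
        return -EINVAL;
    if (proto_table[proto] == NULL)
        return -EPROTONOSUPPORT;
    return proto_table[proto]();
}

int main(void)
{
    struct model_sock sk = { { NULL, NULL } };
    printf("dir=2: %d\n", set_policy(&sk, 2, "fwd"));
    printf("proto=-1 passes upper-bound-only check: %d\n", upper_bound_only_accepts(-1));
    printf("proto=-1 checked: %d\n", sock_create_checked(-1));
    return 0;
}
```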



Bug#302093: CAN-2005-0762: buffer overflow, code execution

2005-03-29 Thread Geoff Crompton
Package: imagemagick
Version: 6:6.0.6.2-2.2
Severity: grave
Justification: user security hole

See http://www.securityfocus.com/bid/12873 for more information. In
summary:
> ImageMagick is prone to a heap-based buffer overflow vulnerability.
> This vulnerability exists in the SGI image file parser.
> Successful exploitation may result in execution of arbitrary code.
> This issue may potentially be exploited through the ImageMagick
> application or in other applications that import the SGI image file
> parser component.
> It is noted that the SGI codec is enabled by default in ImageMagick.

Seems Sid and Sarge with their newer versions are not affected.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages imagemagick depends on:
ii  libmagick6 6:6.0.6.2-2.2 Image manipulation library

-- no debconf information





Bug#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait

2005-03-16 Thread Geoff Crompton
Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Justification: root security hole

There is a local integer overflow vulnerability in the sys_epoll_wait()
call. See the following for details:
http://www.securityfocus.com/bid/12763/

Apologies if already reported.

