[Bug 1090551] Re: bogofilter heap vulnerabilty CVE-2012-5468
** Changed in: bogofilter (Fedora)
   Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1090551

Title:
  bogofilter heap vulnerabilty CVE-2012-5468

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1090551]
Shouldn't this issue be closed?
[Bug 1090551]
Hello Red Hat Product Security, can this bug be closed? Both bugs this depends on have been closed. So it looks like this could also be closed.
[Bug 1090551] Re: bogofilter heap vulnerabilty CVE-2012-5468
Launchpad has imported 8 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=883358.

If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

On 2012-12-04T11:59:01+00:00 Jan wrote:

A heap-based buffer overflow flaw was found in the way the bogolexer component of Bogofilter, a fast anti-spam filtering tool by Bayesian statistical analysis, performed decoding of certain base64 strings. A remote attacker could provide a specially-crafted base64 code (decoding to incomplete multibyte characters) that, when processed, would lead to a bogolexer executable crash or, potentially, arbitrary code execution with the privileges of the user running the binary.

Upstream advisory:
[1] http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01

References:
[2] http://www.openwall.com/lists/oss-security/2012/12/03/13

Relevant upstream patch:
[3] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision=6973

Reproducer / regression test:
[4] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision=6975

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/0

On 2012-12-04T12:00:51+00:00 Jan wrote:

This issue affects the versions of the bogofilter package, as shipped with Fedora release of 16 and 17. Please schedule an update.

--

This issue affects the versions of the bogofilter package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/1

On 2012-12-04T12:02:14+00:00 Jan wrote:

Created bogofilter tracking bugs for this issue

Affects: fedora-all [bug 883359]
Affects: epel-all [bug 883360]

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/2

On 2012-12-13T05:57:14+00:00 Fedora wrote:

bogofilter-1.2.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/3

On 2012-12-13T05:58:50+00:00 Fedora wrote:

bogofilter-1.2.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/4

On 2012-12-21T00:32:46+00:00 Fedora wrote:

bogofilter-1.2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/6

On 2012-12-21T00:33:58+00:00 Fedora wrote:

bogofilter-1.2.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/7

On 2013-01-12T01:12:20+00:00 Fedora wrote:

bogofilter-1.2.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/9

** Changed in: bogofilter (Fedora)
   Status: Unknown => Confirmed

** Changed in: bogofilter (Fedora)
   Importance: Unknown => Medium
[Bug 1090551] Re: bogofilter heap vulnerabilty CVE-2012-5468
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5468
[Bug 1090551] Re: bogofilter heap vulnerabilty CVE-2012-5468
http://www.ubuntu.com/usn/usn-1667-1/

** Changed in: bogofilter (Ubuntu)
   Status: New => Fix Released
[Bug 1090551] [NEW] bogofilter heap vulnerabilty CVE-2012-5468
*** This bug is a security vulnerability ***

Public security bug reported:

Debian already has a package update:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695139

Should be easily releasable for all Ubuntu LTS versions. For example on 10.04 bogofilter is part of the main repository.

The Redhat/Fedora bug:
https://bugzilla.redhat.com/show_bug.cgi?id=883358

** Affects: bogofilter (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: bogofilter (Debian)
   Importance: Unknown
   Status: Unknown

** Affects: bogofilter (Fedora)
   Importance: Unknown
   Status: Unknown

** Information type changed from Private Security to Public Security

** Bug watch added: Debian Bug tracker #695139
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695139

** Also affects: bogofilter (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695139
   Importance: Unknown
   Status: Unknown

** Bug watch added: Red Hat Bugzilla #883358
   https://bugzilla.redhat.com/show_bug.cgi?id=883358

** Also affects: bogofilter (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=883358
   Importance: Unknown
   Status: Unknown
[Bug 1090551] Re: bogofilter heap vulnerabilty CVE-2012-5468
** Changed in: bogofilter (Debian)
   Status: Unknown => Fix Released