#506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack

To: debian-mentors@lists.debian.org
Subject: #506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
From: Simon Walter <simon.walter@hp-factory.de>
Date: Mon, 15 Dec 2008 22:16:31 +0100
Message-id: <[🔎] 87abaxw34g.fsf@hp-factory.de>

Hi,

as you can see here[1] I have got a little security problem with the
package[2] I maintain.

Upstream has fixed the problem quite fast[3] in the last release (4.74.8-1).
I can easily bring this into sid, but what's about lenny?

lenny (testing) 4.68.8-1: all 

Is there a chance to get 4.74.8 unblocked? Is it very unwise to even
try so? Do I have to contact security team and work on a fix for
4.68.8?

Any suggestion/hints where to look or whom to talk to?

-- 
Regards
Simon Walter

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
[2] http://packages.debian.org/search?keywords=mailscanner
[3] http://mailscanner.info/ChangeLog

Reply to:

Follow-Ups:
- Re: #506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
  - From: Nico Golde <nico@ngolde.de>
- Re: #506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
  - From: "Boyd Stephen Smith Jr." <bss03@volumehost.net>

Prev by Date: Re: ITS: xf86-input-tslib (updated package)
Next by Date: Re: #506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
Previous by thread: Re: ITS: xf86-input-tslib (updated package)
Next by thread: Re: #506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
Index(es):
- Date
- Thread