[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#778941: marked as done (unblock: dovecot-antispam/2.0+20130912-2)

Your message dated Sun, 22 Feb 2015 20:44:09 +0100
with message-id <20150222194409.GG14545@dogguy.org>
and subject line Re: Bug#778941: unblock: dovecot-antispam/2.0+20130912-2
has caused the Debian Bug report #778941,
regarding unblock: dovecot-antispam/2.0+20130912-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
778941: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778941
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package dovecot-antispam

This one got reported to the security team who forwarded it to me,
so there's no bug currently open against the package for it.  The
security implications seem limited, but it is a real potential
crasher, with a trivially correct fix, so it seems appropriate to
get this change into the release.


diff -u dovecot-antispam-2.0+20130912/debian/changelog dovecot-antispam-2.0+20130912/debian/changelog
--- dovecot-antispam-2.0+20130912/debian/changelog
+++ dovecot-antispam-2.0+20130912/debian/changelog
@@ -1,3 +1,32 @@
+dovecot-antispam (2.0+20130912-2) unstable; urgency=medium
+
+  * Use the correct argc for pipe.ham_args
+
+    This fixes a typo bug, where if the number of arguments set for
+    antispam_pipe_program_spam_arg is not the same as what was set
+    for antispam_pipe_program_notspam_arg, then we'll either scribble
+    past the end of the allocated argv array, or populate it with
+    pointers to whatever followed the real ham_args.
+
+    Thanks to Peter Colberg who reported this, including a correct
+    patch to fix it, to the security team.  The security implications
+    of this seem somewhat limited, since you need to edit a config
+    file as root to create the bad situation, and there is no path
+    for remote injection of crafted data (whether it overflows or
+    underflows) if you do, the argv array will just get some 'random'
+    extra pointers to existing internal data.
+
+    However it does pose a potential problem for a legitimate user
+    who does legitimately need or want to pass a different number of
+    arguments for the spam and ham cases, since that could crash
+    dovecot, or confuse the hell out of their pipe program when it
+    gets some random extra arguments.  It's probably gone unnoticed
+    for this long because most uses will pass the same number of
+    arguments for both of them, but that's not a necessary condition
+    in the general case.
+
+ -- Ron Lee <ron@debian.org>  Sun, 22 Feb 2015 09:27:51 +1030
+
 dovecot-antispam (2.0+20130912-1) unstable; urgency=medium
 
   * Merge upstreamed patches from the upstream branch,
only in patch2:
unchanged:
--- dovecot-antispam-2.0+20130912.orig/pipe.c
+++ dovecot-antispam-2.0+20130912/pipe.c
@@ -46,7 +46,7 @@
 		break;
 	case CLASS_NOTSPAM:
 		dest = cfg->pipe.ham_args;
-		dest_num = cfg->pipe.spam_args_num;
+		dest_num = cfg->pipe.ham_args_num;
 		break;
 	}
 

unblock dovecot-antispam/2.0+20130912-2

--- End Message ---
--- Begin Message --- 
On Sun, Feb 22, 2015 at 11:05:10AM +1030, Ron <ron@debian.org> wrote:
> 
> Please unblock package dovecot-antispam
> 

Unblocked.

Regards,

-- 
Mehdi Dogguy

--- End Message ---
Reply to: