mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
Is TEMP-0000000-477739 same as CVE-2010-3095?
"""
Index: data/CVE/list
===================================================================
--- data/CVE/list (revision 15492)
+++ data/CVE/list (revision 15493)
@@ -2354,7 +2354,7 @@
NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
RESERVED
- - mailscanner <unfixed> (bug #596403)
+ - mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
"""
Links:
http://security-tracker.debian.org/tracker/TEMP-0000000-477739
http://security-tracker.debian.org/tracker/CVE-2008-5313
http://security-tracker.debian.org/tracker/CVE-2010-3095
http://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg01016.html
By the way:
"""
[Date: Sun, 27 Feb 2011 10:33:42 +0000] [ftpmaster: Alexander Reichle-Schmehl]
Removed the following packages from unstable:
mailscanner | 4.79.11-2.2 | source, all
Closed bugs: 531317
------------------- Reason -------------------
RoQA; orphaned
----------------------------------------------
Also closing bug(s): 303929 313145 353266 408161 410647 490948 506148 577916 583527 595945 596396 596397 596398 596399 596400 596510 596512 596514 597611 598726 605869 607226 607747 608337
Also closing WNPP bug(s):
"""
Best regards,
Henri Salo
Reply to: