Re: Bug#115625: maildrop: Severe bug which could be used to for a DoS attack in reformime
Em Ter 16 Out 2001 19:35, Josip Rodin escreveu:
> On Sun, Oct 14, 2001 at 07:12:38PM +0000, Andre Luis Lopes wrote:
> It appears that the version 0.75 doesn't have the sanity check at all. This
> looks like a serious bug, it can overwrite and lose data that way...
> It also makes one chunk not apply, which is normal. What should be done?
> (Please CC: posts to debian-security to me, I'm not on the list)
> [the rest of the original post follows]
Sorry, I'm just reporting a problem I think Potato is still vulnerable. I
really didn't wrote the previous patch, I just found it in Amavis
documentation and reported the problem.
I think you should better ask upstream what should be done in this case.
Maybe build a new package using a newer maildrop version for potato ? Is that
possible ? I really don't know if some Debian policy will not allow to use a
new maildrop version but, as you told, this bug seems to be serious and we
should provide a fix for it anyway.
Andre Luis Lopes
andrelop at ig dot com dot br