
Re: Bug#115625: maildrop: Severe bug which could be used for a DoS attack in reformime



On Tue 16 Oct 2001 19:35, Josip Rodin wrote:
> On Sun, Oct 14, 2001 at 07:12:38PM +0000, Andre Luis Lopes wrote:
> It appears that the version 0.75 doesn't have the sanity check at all. This
> looks like a serious bug, it can overwrite and lose data that way...
> It also makes one chunk not apply, which is normal. What should be done?
>
> (Please CC: posts to debian-security to me, I'm not on the list)
>
> [the rest of the original post follows]

   Sorry, I'm just reporting a problem I think Potato is still vulnerable to. I 
really didn't write the previous patch, I just found it in the Amavis 
documentation and reported the problem.

   I think you had better ask upstream what should be done in this case. 
Maybe build a new package using a newer maildrop version for potato? Is that 
possible? I really don't know if some Debian policy will not allow using a 
new maildrop version but, as you said, this bug seems to be serious and we 
should provide a fix for it anyway.

-- 
Andre Luis Lopes
andrelop at ig dot com dot br


