
Re: [SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting



Hi,

There appears to be some inconsistency in this DSA, with the woody
version announced at the top being ...2.woody.5 and the URLs referring
to ...2.woody.4.

Looks like the ...2.woody.5 is correct, but the files aren't there on
the security archive.

Thanks,
					Andrew McMillan.


On Wed, 2005-05-25 at 17:34 +0200, Martin Schulze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 728-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> May 25th, 2005                          http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : qpopper
> Vulnerability  : missing privilege release
> Problem-Type   : local
> Debian-specific: no
> CVE IDs        : CAN-2005-1151 CAN-2005-1152
> 
...

> 
> For the stable distribution (woody) these problems have been fixed in
> version 4.0.4-2.woody.5.

...


> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
> 
>   Source archives:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4.dsc
>       Size/MD5 checksum:      648 8a4a3c4d3a90bd48f34c26db8fa8a184
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4.diff.gz
>       Size/MD5 checksum:    17473 ac7cb7a84e82c3f20bbd8663a2be4c0e
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4.orig.tar.gz
>       Size/MD5 checksum:  2261992 77f0968cd10b0d5236114838d9f507e5
> 
>   Alpha architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_alpha.deb
>       Size/MD5 checksum:   458526 fdc450895431518af490ed70c26690b4
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_alpha.deb
>       Size/MD5 checksum:   459292 b5669199d6f4372f2b5ee7cbf600a5ee
> 
>   ARM architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_arm.deb
>       Size/MD5 checksum:   433370 e40e461e59983b3c4bd72544c9823ddf
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_arm.deb
>       Size/MD5 checksum:   434144 89f7de875966d5398208664745b0825d
> 
>   Intel IA-32 architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_i386.deb
>       Size/MD5 checksum:   422496 275080592bb86fb37f44fe6ddc17a930
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_i386.deb
>       Size/MD5 checksum:   423426 4837430cf6367f82d6a55e3b238c30c0
> 
>   Intel IA-64 architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_ia64.deb
>       Size/MD5 checksum:   484928 a765fbbc4cec479b962b15fcf4506554
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_ia64.deb
>       Size/MD5 checksum:   485876 aea333e7c81e270dd1594765394d08ca
> 
>   HP Precision architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_hppa.deb
>       Size/MD5 checksum:   442848 d4024658e0876e72c93773d21eec2750
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_hppa.deb
>       Size/MD5 checksum:   443930 b5bddba42ffe723dcea8ecc172401409
> 
>   Motorola 680x0 architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_m68k.deb
>       Size/MD5 checksum:   416310 5561b088daaf6b0a891715623d2919f5
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_m68k.deb
>       Size/MD5 checksum:   417256 c4879974d172134e8ec28c2b495012ed
> 
>   Big endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_mips.deb
>       Size/MD5 checksum:   439160 85103a9f874de432a57feb0a938349ab
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_mips.deb
>       Size/MD5 checksum:   439940 e9e5442b85568f63324e85257e931962
> 
>   Little endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_mipsel.deb
>       Size/MD5 checksum:   439462 f912738cb0e25b0e215bc968d8b2e250
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_mipsel.deb
>       Size/MD5 checksum:   440732 208a5f8d25f7bc83cbdc14145dfa9093
> 
>   PowerPC architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_powerpc.deb
>       Size/MD5 checksum:   433316 67f331a07b83d8e3bb745c3aa576b186
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_powerpc.deb
>       Size/MD5 checksum:   433894 b373674498d8f38df3c161d698e28eb5
> 
>   IBM S/390 architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_s390.deb
>       Size/MD5 checksum:   428582 7d2aa35d8172623fae1e782c8bbd39c9
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_s390.deb
>       Size/MD5 checksum:   429694 71ea0abc8b2ec5dcbea76a1b47ff7e84
> 
>   Sun Sparc architecture:
> 
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_sparc.deb
>       Size/MD5 checksum:   434720 67b37565b3633c6111f01a66ea88d17b
>     http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_sparc.deb
>       Size/MD5 checksum:   435372 413153ac3d8d7be1ea191f2e8e084641


-------------------------------------------------------------------------
Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053, Manners St,  Wellington
WEB: http://catalyst.net.nz/            PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201      MOB: +64(272)DEBIAN      OFFICE: +64(4)499-2267
           Aim for the moon. If you miss, you may hit a star.
                          -- W. Clement Stone

-------------------------------------------------------------------------
