Bug#551307: CVE-2009-2939 is still affecting postfix in lenny.

Fri, 16 Oct 2009 20:49:59 -0700 

Package: postfix
Version: 2.5.5-1.1
Severity: important

CVE-2009-2939 is still affecting postfix in lenny.
There is a patch available at 
http://www.openwall.com/lists/oss-security/2009/09/18/6
(quote of the patch from that page).



"
-- 
Jamie Strandboge             | http://www.canonical.com

diff -u postfix-2.5.5/debian/postfix.postinst 
postfix-2.5.5/debian/postfix.postinst
--- postfix-2.5.5/debian/postfix.postinst
+++ postfix-2.5.5/debian/postfix.postinst
@@ -211,9 +211,8 @@
     fi
      fi
       
       -for dir in pid public; do
       -    makedir ${dir} postfix:root 755
       -done
       +makedir pid root:root 755
       +makedir public postfix:root 755
        for dir in incoming active bounce defer deferred flush saved corrupt; do
             makedir ${dir} postfix:root 700
                  if [ -n "$chat" ]; then
"

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (900, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages postfix depends on:
ii  adduser           3.110                  add and remove users and groups
ii  debconf [debconf- 1.5.24                 Debian configuration management sy
ii  dpkg              1.14.25                Debian package management system
ii  libc6             2.7-18                 GNU C Library: Shared libraries
ii  libdb4.6          4.6.21-11              Berkeley v4.6 Database Libraries [
ii  libsasl2-2        2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstra
ii  libssl0.9.8       0.9.8g-15+lenny5       SSL shared libraries
ii  lsb-base          3.2-20                 Linux Standard Base 3.2 init scrip
ii  netbase           4.34                   Basic TCP/IP networking system
ii  ssl-cert          1.0.23                 simple debconf wrapper for OpenSSL

postfix recommends no packages.

Versions of packages postfix suggests:
ii  libsasl2-modules  2.1.22.dfsg1-23+lenny1 Cyrus SASL - pluggable authenticat
ii  mutt [mail-reader 1.5.18-6               text-based mailreader supporting M
pn  postfix-cdb       <none>                 (no description available)
pn  postfix-ldap      <none>                 (no description available)
pn  postfix-mysql     <none>                 (no description available)
pn  postfix-pcre      <none>                 (no description available)
pn  postfix-pgsql     <none>                 (no description available)
ii  procmail          3.22-16                Versatile e-mail processor
pn  resolvconf        <none>                 (no description available)
pn  sasl2-bin         <none>                 (no description available)
pn  ufw               <none>                 (no description available)

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to