Your message dated Sun, 12 Aug 2007 11:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#435735: fixed in postfix-policyd 1.80-2.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: postfix-policyd
Version: 1.80-2.1
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in policyd. From CVE-2007-3791:
"Buffer overflow in the w_read function in sockets.c in Cami Sardinha
and Nigel Kukard policyd before 1.81 for Postfix allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via long SMTP commands."
This is fixed in 1.81 according to
http://sourceforge.net/project/shownotes.php?release_id=522366
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: postfix-policyd
Source-Version: 1.80-2.2
We believe that the bug you reported is fixed in the latest version of
postfix-policyd, which is due to be installed in the Debian FTP archive:
postfix-policyd_1.80-2.2.diff.gz
to pool/main/p/postfix-policyd/postfix-policyd_1.80-2.2.diff.gz
postfix-policyd_1.80-2.2.dsc
to pool/main/p/postfix-policyd/postfix-policyd_1.80-2.2.dsc
postfix-policyd_1.80-2.2_i386.deb
to pool/main/p/postfix-policyd/postfix-policyd_1.80-2.2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated postfix-policyd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 12 Aug 2007 10:46:25 +0000
Source: postfix-policyd
Binary: postfix-policyd
Architecture: source i386
Version: 1.80-2.2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description:
postfix-policyd - anti-spam plugin for Postfix
Closes: 435735
Changes:
postfix-policyd (1.80-2.2) unstable; urgency=high
.
* Non-maintainer upload
* Fix buffer overflow in the w_read function in sockets.c to avoid
possible DoS and execution of arbitrary code via long SMTP commands
(apply directly, because no patch system is used so far)
(Closes: #435735) Fixes: CVE-2007-3791
Files:
592daa817e03abd56f3bf8dfefd43886 651 mail optional postfix-policyd_1.80-2.2.dsc
f7525b9deb91b803e9558b4417a251d0 11346 mail optional postfix-policyd_1.80-2.2.diff.gz
586cf53bc541f4c51fe9d543d8ed9a2e 70442 mail optional postfix-policyd_1.80-2.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGvuaz62zWxYk/rQcRAmn/AJwIIGCJ7nFL5JGo6YMWiSc3d2bOewCeNkEy
Gghd3H6grtCzc9UYC5jd8oo=
=bgDi
-----END PGP SIGNATURE-----
--- End Message ---