Your message dated Sun, 18 Apr 2010 20:05:09 +0000
with message-id <e1o3ajt-0002nz...@ries.debian.org>
and subject line Bug#573228: fixed in spamass-milter 0.3.1-8+lenny1
has caused the Debian Bug report #573228,
regarding Arbitrary command execution (report from full-disclosure)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
573228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spamass-milter
Severity: grave
Tags: security
Hi Don,
The following report was posted to full-disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages spamass-milter depends on:
ii adduser 3.112 add and remove users and groups
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.3-3 GCC support library
pn libmilter1.0.1 <none> (no description available)
ii libstdc++6 4.4.3-3 The GNU Standard C++ Library v3
pn spamc <none> (no description available)
Versions of packages spamass-milter recommends:
pn sendmail | postfix <none> (no description available)
ii spamassassin 3.3.0-2 Perl-based spam filter using text
spamass-milter suggests no packages.
--- End Message ---
--- Begin Message ---
Source: spamass-milter
Source-Version: 0.3.1-8+lenny1
We believe that the bug you reported is fixed in the latest version of
spamass-milter, which is due to be installed in the Debian FTP archive:
spamass-milter_0.3.1-8+lenny1.diff.gz
to main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1.diff.gz
spamass-milter_0.3.1-8+lenny1.dsc
to main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1.dsc
spamass-milter_0.3.1-8+lenny1_i386.deb
to main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 573...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Don Armstrong <d...@debian.org> (supplier of updated spamass-milter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 17 Mar 2010 12:52:56 -0700
Source: spamass-milter
Binary: spamass-milter
Architecture: source i386
Version: 0.3.1-8+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Don Armstrong <d...@debian.org>
Changed-By: Don Armstrong <d...@debian.org>
Description:
spamass-milter - milter for filtering mail through spamassassin
Closes: 573228
Changes:
spamass-milter (0.3.1-8+lenny1) stable-security; urgency=high
.
* Use new popenenv function instead of open; fixes remote code exploit
as the spamass-milter user when run using -x. (closes: #573228)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLpYafgcCJIoCND9ARA9FvAKCXzMgJWox/VrcDThEt32UnUUNgtQCfREmw
8tqhdLd0UHcRTCNCkIkDbxw=
=OjGb
-----END PGP SIGNATURE-----
--- End Message ---