Your message dated Tue, 05 Oct 2010 08:00:07 +0000
with message-id <e1p32rt-0002sr...@franck.debian.org>
and subject line Bug#588090: fixed in bogofilter 1.1.7-1+lenny1
has caused the Debian Bug report #588090,
regarding heap corruption overrun in bogofilter/bogolexer
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
588090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bogofilter
Severity: grave
Tags: security
The following security issue was found in bogofilter:
bogofilter-SA-2010-01
Topic: heap corruption overrun in bogofilter/bogolexer
Announcement: bogofilter-SA-2010-01
Writer: Matthias Andree
Version: 0.1
CVE ID:
Announced:
Category: vulnerability
Type: array index underflow/out of bounds write through invalid input
Impact: heap corruption, application crash
Credits: Julius Plenz
Danger: medium
URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
Affected: bogofilter <= 1.2.1
SVN before 2010-07-03 08:40 UTC
Not affected: bogofilter 1.2.2 (to be released)
1. Background
=============
Bogofilter is a software package for classifying a message as spam or
non-spam. It uses a data base to store words and must be trained
which messages are spam and non-spam. It uses the probabilities of
individual words for classifying the message.
Note that the bogofilter project is issuing security announcements only
for current "stable" releases, and not necessarily for past "stable"
releases.
2. Problem description
======================
Bogofilter's/bogolexer's base64 could overwrite memory before its heap
buffer if the base64 input started with an equals sign, such as through
misdeclaration of quoted-printable as base64.
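The defensive counterpart to the flaw described above, as an added example that is not part of the advisory and is not bogofilter's own base64_decode: a small RFC 4648 style decoder that validates padding position and output bounds before every write. The function names (base64_decode_safe, decode_matches, decode_result) and the sample input (a quoted-printable fragment that begins with "=", constructed here to mirror the misdeclaration case the advisory names) are assumptions of this example. Input that starts with an equals sign is rejected before any output index is computed, so there is no index to underflow and nothing can be written before the start of the heap buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode in[0..in_len) into out (capacity out_cap).
 * Returns the number of bytes written, or -1 on malformed input.
 * Padding '=' is accepted only as the 3rd/4th symbol of the final quartet;
 * a leading '=' is rejected before the output index is touched, and every
 * write is bounds-checked, so out[-1] and out[out_cap] are never reached.
 * CR, LF, space and tab are skipped as line folding. */
long base64_decode_safe(const char *in, size_t in_len,
                        unsigned char *out, size_t out_cap) {
    uint32_t acc = 0;      /* bit accumulator for the current quartet */
    int nbits = 0;         /* number of valid bits in acc */
    size_t written = 0;    /* output bytes produced so far */
    size_t sextets = 0;    /* data symbols seen in the current quartet */
    int pad = 0;           /* '=' symbols seen in the current quartet */

    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\r' || c == '\n' || c == ' ' || c == '\t') continue;
        if (c == '=') {
            /* Padding is only meaningful after 2 or 3 data symbols. */
            if (sextets < 2) return -1;
            pad++;
            if (sextets + pad > 4) return -1;
            continue;
        }
        if (pad) return -1;            /* data after padding is malformed */
        int v = b64_value(c);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        nbits += 6;
        sextets++;
        if (nbits >= 8) {
            nbits -= 8;
            if (written >= out_cap) return -1;   /* no room: refuse, don't overrun */
            out[written++] = (unsigned char)((acc >> nbits) & 0xffu);
        }
        if (sextets == 4) { sextets = 0; acc = 0; nbits = 0; }
    }
    /* A trailing partial quartet must be completed by padding. */
    if (sextets != 0 && sextets + pad != 4) return -1;
    return (long)written;
}

/* Helper: decode b64 and compare with the expected bytes; 1 on exact match. */
int decode_matches(const char *b64, const char *expected) {
    unsigned char buf[64];
    long n = base64_decode_safe(b64, strlen(b64), buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected)
        && memcmp(buf, expected, (size_t)n) == 0;
}

/* Helper: the decoder's return value for b64 with the given output capacity. */
long decode_result(const char *b64, size_t out_cap) {
    unsigned char buf[64];
    if (out_cap > sizeof buf) out_cap = sizeof buf;
    return base64_decode_safe(b64, strlen(b64), buf, out_cap);
}

int main(void) {
    /* Constructed sample: a quoted-printable body wrongly declared as base64. */
    const char *misdeclared = "=E2=82=AC is the euro sign";
    printf("decode(\"%s\") -> %ld (rejected)\n", misdeclared,
           decode_result(misdeclared, 64));
    printf("decode(\"TWFu\") == \"Man\": %d\n", decode_matches("TWFu", "Man"));
    return 0;
}
```

The point of the check order is that the padding test runs on the symbol count, not on the output position: a decoder that strips already-written bytes when it meets '=' has to subtract from its write index, and with no bytes written that subtraction is exactly the underflow the advisory classifies as "array index underflow/out of bounds write". Rejecting the input up front leaves the write index untouched.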
3. Impact
=========
Vulnerable bogofilter and bogolexer applications can corrupt their heap and
crash. The consequences are dependent on the local configuration, memory
layout and operating system features.
4. Solution
===========
Upgrade your bogofilter to version 1.2.2 (or a newer release).
bogofilter is available from SourceForge:
<https://sourceforge.net/project/showfiles.php?group_id=62265>
A. Copyright, License and Warranty
==================================
(C) Copyright 2010 by Matthias Andree, <matthias.and...@gmx.de>.
Some rights reserved.
This work is licenced under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy
of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/
or send a letter to Creative Commons, 171 Second Street, Suite 300, San
Francisco, California 94105, USA.
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.
END of bogofilter-SA-2010-01
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages bogofilter depends on:
pn bogofilter-bdb <none> (no description available)
bogofilter recommends no packages.
bogofilter suggests no packages.
--- End Message ---
--- Begin Message ---
Source: bogofilter
Source-Version: 1.1.7-1+lenny1
We believe that the bug you reported is fixed in the latest version of
bogofilter, which is due to be installed in the Debian FTP archive:
bogofilter-bdb_1.1.7-1+lenny1_i386.deb
to main/b/bogofilter/bogofilter-bdb_1.1.7-1+lenny1_i386.deb
bogofilter-common_1.1.7-1+lenny1_all.deb
to main/b/bogofilter/bogofilter-common_1.1.7-1+lenny1_all.deb
bogofilter-qdbm_1.1.7-1+lenny1_i386.deb
to main/b/bogofilter/bogofilter-qdbm_1.1.7-1+lenny1_i386.deb
bogofilter-sqlite_1.1.7-1+lenny1_i386.deb
to main/b/bogofilter/bogofilter-sqlite_1.1.7-1+lenny1_i386.deb
bogofilter-tokyocabinet_1.1.7-1+lenny1_i386.deb
to main/b/bogofilter/bogofilter-tokyocabinet_1.1.7-1+lenny1_i386.deb
bogofilter_1.1.7-1+lenny1.diff.gz
to main/b/bogofilter/bogofilter_1.1.7-1+lenny1.diff.gz
bogofilter_1.1.7-1+lenny1.dsc
to main/b/bogofilter/bogofilter_1.1.7-1+lenny1.dsc
bogofilter_1.1.7-1+lenny1_i386.deb
to main/b/bogofilter/bogofilter_1.1.7-1+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 588...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Serafeim Zanikolas <s...@debian.org> (supplier of updated bogofilter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 20 Sep 2010 08:35:46 +0000
Source: bogofilter
Binary: bogofilter bogofilter-bdb bogofilter-qdbm bogofilter-sqlite
bogofilter-tokyocabinet bogofilter-common
Architecture: source all i386
Version: 1.1.7-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Serafeim Zanikolas <s...@debian.org>
Changed-By: Serafeim Zanikolas <s...@debian.org>
Description:
bogofilter - a fast Bayesian spam filter (dummy package)
bogofilter-bdb - a fast Bayesian spam filter (Berkeley DB)
bogofilter-common - a fast Bayesian spam filter (common files)
bogofilter-qdbm - a fast Bayesian spam filter (QDBM)
bogofilter-sqlite - a fast Bayesian spam filter (sqlite)
bogofilter-tokyocabinet - a fast Bayesian spam filter (tokyocabinet)
Closes: 588090
Changes:
bogofilter (1.1.7-1+lenny1) stable; urgency=high
.
* Apply patch from Julius Plenz <pl...@cis.fu-berlin.de> to prevent possible
heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
because the issue does not warrant a DSA. closes: #588090.
* Update maintainer field in debian/control.
Checksums-Sha1:
2d0f4698b30b5e715971c0e82d90f404ccb93436 1808 bogofilter_1.1.7-1+lenny1.dsc
76fd97d3a6fbf8ad5aff305cd65d81d46c2db52a 12245
bogofilter_1.1.7-1+lenny1.diff.gz
8339ce920243d3e22a363024c8ad646a7e55133c 150056
bogofilter-common_1.1.7-1+lenny1_all.deb
1a56a5327058f2303e3d55914c20c6b610b20e55 946 bogofilter_1.1.7-1+lenny1_i386.deb
2961cb234c1293e12e9472fa3296f0d0ec5e23d9 217746
bogofilter-bdb_1.1.7-1+lenny1_i386.deb
161cb36daf2960fcb719d59b3a9c413bb22860d6 186292
bogofilter-qdbm_1.1.7-1+lenny1_i386.deb
56c655efcf59de38d4df67597da9eaf6fce70c96 189738
bogofilter-sqlite_1.1.7-1+lenny1_i386.deb
8e302e8b1ae4235b38f9461d537fdf74e3b52fc7 184514
bogofilter-tokyocabinet_1.1.7-1+lenny1_i386.deb
Checksums-Sha256:
93ea8e27f2a7e67451329ff51218691702cbb600e9586e52c6504caa04487818 1808
bogofilter_1.1.7-1+lenny1.dsc
9df1d13f64f485a11abc311f37ba767d030282e4437b24fd43a6a4a60884587f 12245
bogofilter_1.1.7-1+lenny1.diff.gz
1ce19ab5e0b7704e2ce61454eabade929660cf02bcb7958705fe746887e0c433 150056
bogofilter-common_1.1.7-1+lenny1_all.deb
fa64e50bdd1bfeed6d11f3fba494ffd74e9150b86588a929919e7d15cf997546 946
bogofilter_1.1.7-1+lenny1_i386.deb
769255c305416d6b0f4273a238837dbb588d1ec189be3f6dd2aef1ff3dbdf167 217746
bogofilter-bdb_1.1.7-1+lenny1_i386.deb
c8f0b258f9ad72538a56e785bc8c0a9e3c09e12f357fb02e79b29d1c38b9c0f4 186292
bogofilter-qdbm_1.1.7-1+lenny1_i386.deb
af9bc7c04402d9e88c274ff45b15ccda92e74a61b7535f4cadda4987674dce96 189738
bogofilter-sqlite_1.1.7-1+lenny1_i386.deb
e27bfb5e1ee713733997cb7646190d8d6cce47f0dc836de8318bf5c3f0dc4da3 184514
bogofilter-tokyocabinet_1.1.7-1+lenny1_i386.deb
Files:
95d07dd5a408a5b11fa2bee41e95cece 1808 mail optional
bogofilter_1.1.7-1+lenny1.dsc
a6e50d2409c4823bfa5599a4d08e5dc1 12245 mail optional
bogofilter_1.1.7-1+lenny1.diff.gz
04d4368a296284f0a10d8a14a8ef18e8 150056 mail optional
bogofilter-common_1.1.7-1+lenny1_all.deb
6d903b1702341c6463d9da6d34f96d16 946 mail optional
bogofilter_1.1.7-1+lenny1_i386.deb
5d2ae8fe37019949548f80160f2cece3 217746 mail optional
bogofilter-bdb_1.1.7-1+lenny1_i386.deb
8ef6d4c27446867fe904adae15f6ff39 186292 mail optional
bogofilter-qdbm_1.1.7-1+lenny1_i386.deb
1b3ebc4755ff1032bb366a466b4dd4a3 189738 mail optional
bogofilter-sqlite_1.1.7-1+lenny1_i386.deb
8ed563ddd0910f66bf1670f5edadb478 184514 mail optional
bogofilter-tokyocabinet_1.1.7-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
=Isn7
-----END PGP SIGNATURE-----
--- End Message ---