Your message dated Tue, 29 Aug 2006 14:47:51 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#385054: fixed in sendmail 8.13.8-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: sendmail
Severity: grave
Tags: security
Justification: user security hole

According to [1], one of the problems fixed in 8.13.8 can be
used for a remote denial of service attack.

[1] http://secunia.com/advisories/21637/

AFAICS there is no CVE-id yet.
--- End Message ---
--- Begin Message ---
Source: sendmail
Source-Version: 8.13.8-1

We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:
libmilter-dev_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter-dev_8.13.8-1_i386.deb
libmilter0-dbg_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter0-dbg_8.13.8-1_i386.deb
libmilter0_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter0_8.13.8-1_i386.deb
rmail_8.13.8-1_i386.deb
  to pool/main/s/sendmail/rmail_8.13.8-1_i386.deb
sendmail-base_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-base_8.13.8-1_all.deb
sendmail-bin_8.13.8-1_i386.deb
  to pool/main/s/sendmail/sendmail-bin_8.13.8-1_i386.deb
sendmail-cf_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-cf_8.13.8-1_all.deb
sendmail-doc_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-doc_8.13.8-1_all.deb
sendmail_8.13.8-1.diff.gz
  to pool/main/s/sendmail/sendmail_8.13.8-1.diff.gz
sendmail_8.13.8-1.dsc
  to pool/main/s/sendmail/sendmail_8.13.8-1.dsc
sendmail_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail_8.13.8-1_all.deb
sendmail_8.13.8.orig.tar.gz
  to pool/main/s/sendmail/sendmail_8.13.8.orig.tar.gz
sensible-mda_8.13.8-1_i386.deb
  to pool/main/s/sendmail/sensible-mda_8.13.8-1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Richard A Nelson (Rick) <[EMAIL PROTECTED]> (supplier of updated sendmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Tue, 29 Aug 2006 14:00:00 -0000
Source: sendmail
Binary: libmilter-dev rmail sendmail sendmail-doc libmilter0 sendmail-cf sensible-mda libmilter0-dbg sendmail-base sendmail-bin
Architecture: source all i386
Version: 8.13.8-1
Distribution: unstable
Urgency: high
Maintainer: Richard A Nelson (Rick) <[EMAIL PROTECTED]>
Changed-By: Richard A Nelson (Rick) <[EMAIL PROTECTED]>
Description:
 libmilter-dev - Sendmail Mail Filter API (Milter)
 libmilter0 - Sendmail Mail Filter API (Milter)
 libmilter0-dbg - Sendmail Mail Filter API (Milter)
 rmail - MTA->UUCP remote mail handler
 sendmail - powerful, efficient, and scalable Mail Transport Agent
 sendmail-base - powerful, efficient, and scalable Mail Transport Agent
 sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
 sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
 sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
 sensible-mda - Mail Delivery Agent wrapper
Closes: 385054
Changes:
 sendmail (8.13.8-1) unstable; urgency=high
 .
   * CVE-2006-4434: sendmail 8.13.8 fixes remote DoS vulnerability
     use-after-free vulnerability in Sendmail before 8.13.8
     closes: #385054
 .
   * I hadn't released this earlier because I had the 8.13.7 errata
     patches in 8.13.7-2, so it didn't look like a big deal.
Files:
4e3012239cfd66c96113e686a01fef14 1021 mail extra sendmail_8.13.8-1.dsc
bcdd005ae02fdb0ecef2d6b21ac44e5d 1995868 mail extra sendmail_8.13.8.orig.tar.gz
1e885ae4bfc1d0be42f47b9f2a66ebef 376575 mail extra sendmail_8.13.8-1.diff.gz
d9c3ffc45b9aea466c33536b3bdba424 821158 doc extra sendmail-doc_8.13.8-1_all.deb
eb704edbed172f070a6e0f54bdda6653 197676 mail extra sendmail_8.13.8-1_all.deb
b9ad31d1455643e6394d987b14027116 345222 mail extra sendmail-base_8.13.8-1_all.deb
9695d3f668df09f3a7275d404e44756e 283982 mail extra sendmail-cf_8.13.8-1_all.deb
5d0d72203065c8ac2946ca32324f7c01 830758 mail extra sendmail-bin_8.13.8-1_i386.deb
ac5bb0e603fb600dcac201fcb8852228 228190 mail extra rmail_8.13.8-1_i386.deb
48ed416df51e08cbdcceeb955adf07d7 202888 mail extra sensible-mda_8.13.8-1_i386.deb
c9100df2407532ad2d0787bd31f4e397 257670 libs extra libmilter0_8.13.8-1_i386.deb
44db80f2a1d4b7671922c9417f975a3e 197266 libs extra libmilter0-dbg_8.13.8-1_i386.deb
ae88d25a4d945627205fbf93d8220027 292910 libdevel extra libmilter-dev_8.13.8-1_i386.deb
--- End Message ---