Bug#288918: marked as done (Security patch)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 11 Jan 2005 08:33:25 -0800


Your message dated Tue, 11 Jan 2005 17:26:13 +0100
with message-id <20050111162613.GC4286@downhill.at.eu.org>
and subject line Fixed in 4.34-10 (which is in both sarge and sid)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Jan 2005 10:54:46 +0000
>From Klaus@ethgen.de Thu Jan 06 02:54:46 2005
Return-path: <Klaus@ethgen.de>
Received: from static-195-068.catv.glattnet.ch (hathi.ethgen.de) [80.242.195.68] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CmVHy-0005gw-00; Thu, 06 Jan 2005 02:54:46 -0800
Received: from ikki.ket ([192.168.17.4])
	by hathi.ethgen.de with asmtp (TLS-1.0:RSA_ARCFOUR_SHA:16)
	(Exim 4.34)
	id 1CmVHs-0004fe-QX; Thu, 06 Jan 2005 11:54:40 +0100
Received: from klaus by ikki.ket with local (Exim 4.34)
	id 1CmVHs-0006sM-Bu; Thu, 06 Jan 2005 11:54:40 +0100
Date: Thu, 6 Jan 2005 11:54:40 +0100
From: Klaus Ethgen <Klaus@Ethgen.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Security patch
Message-ID: <20050106105440.GA26338@ikki>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
Content-Disposition: inline
X-Reportbug-Version: 3.5
User-Agent: Mutt/1.5.6+20040523i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: exim4
Version: 4.34-9
Severity: critical

Two security holes are reported and should be fixed:
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html

- -- Package-specific info:
Exim version 4.34 #1 built 07-Dec-2004 13:59:38
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

- -- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (800, 'unstable'), (700, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)

Versions of packages exim4 depends on:
ii  exim4-base                    4.34-9     EXperimental Internal Mailer -- a 
ii  exim4-daemon-light            4.34-9     Lightweight version of the Exim (v

- -- no debconf information
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B

---------------------------------------
Received: (at 288918-done) by bugs.debian.org; 11 Jan 2005 16:26:30 +0000
>From ametzler@debian.org Tue Jan 11 08:26:29 2005
Return-path: <ametzler@debian.org>
Received: from m26s25.vlinux.de [83.151.30.59] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CoOqj-0003je-00; Tue, 11 Jan 2005 08:26:29 -0800
Received: from m-134-246.adsl.univie.ac.at ([131.130.134.246])
	by m26s25.vlinux.de with asmtp (Exim 4.34)
	id 1CoOrM-00037V-Nu
	for 288918-done@bugs.debian.org; Tue, 11 Jan 2005 16:27:25 +0000
Received: from ametzler by downhill.univie.ac.at with local (cert-ver=0) (Exim 4.34)
	id 1CoOqT-0001GZ-7n
	for 288918-done@bugs.debian.org; Tue, 11 Jan 2005 17:26:13 +0100
Date: Tue, 11 Jan 2005 17:26:13 +0100
From: Andreas Metzler <ametzler@debian.org>
To: 288918-done@bugs.debian.org
Subject: Fixed in 4.34-10 (which is in both sarge and sid)
Message-ID: <20050111162613.GC4286@downhill.at.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
X-Spam-Score: 0.0 (/)
Delivered-To: 288918-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

exim4 (4.34-10) unstable; urgency=high

  * urgency high because this upload fixes two minor security issues.
  * more documentation for dc_localdelivery in update-exim4.conf.8.
  * Move slightly more expensive tests in rcpt ACL further down. (This only
    changes commented out example code.) (Closes: #267708)
  * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302)
  * Version dpatch build-dependency to safeguard against reintroducing this
    bug.
  * In comment point out that using saslauthd for SMTP AUTH requires giving
    exim privileges to use it.
  * New patch 66_can2005-0021_can2005-0022.dpatch from
    http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
    fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022
    (mh/am).

 -- Andreas Metzler <ametzler@debian.org>  Wed,  5 Jan 2005 10:39:03 +0100