** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date **
libspf2 upstream informed us about an undisclosed vulnerability in versions previous to 1.2.8:
Unpublished CVE-2008-2469 will be released this week concerning libspf2. Please update the version of libspf2 in the Gentoo Linux distribution to 1.2.8 as soon as reasonably possible. If you require a minimal patch for security maintenance of previous versions, please let me know.
md5 19d82e62e4f70056a1d0f194d94906f3 libspf2-1.2.8.tar.gz
sha1 81be05cb435c9d92e0fba4b59bdf204eab4ac6ec libspf2-1.2.8.tar.gz
Let's get this bumped in the public tree, and proceed it via fast stabling if there are no regressions. Robin and Tobias, since all who ever touched the package retired, I cc'ed you for net-mail.
this is semi-public.
Upstream adds: Please note that while --enable-perl probably works, it is not yet considered stable, I suggest not adding a perl USE flag at this stage.
Following note: One bug has been fixed and the tarball has been replaced; it has new md5sums.
md5 824d62a83e76108f8e21a39e1ae2ad62 libspf2-1.2.8.tar.gz
sha1 17180c88b3dbad98cc22d80e6f5cb5441b5f25bd libspf2-1.2.8.tar.gz
1.2.8 is in CVS.
Arch Security Liaisons, please test and mark stable:
=mail-filter/libspf2-1.2.8
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
CC'ing current Liaisons:
alpha : yoswink, armin76
amd64 : keytoaster, tester
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : fmccor
x86 : maekke, armin76
amd64 stable, exim[spf] emerges fine with it.
Sparc looks good.
(In reply to comment #8)
> Sparc looks good.
Please mark stable in-tree.
(In reply to comment #9)
> (In reply to comment #8)
> > Sparc looks good.
> Please mark stable in-tree.
Sorry, wasn't paying attention. Done for sparc.
HPPA is OK.
ppc64 stable
alpha stable.
(In reply to comment #11)
> HPPA is OK.
@jer: please go and mark it on the tree, see comments 6 and 9.
ppc stable
x86 stable
Adding gmsoft for hppa since jer is away
This is now public via: https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
Created attachment 168944: 50_dns_resolv_bufoverflow.dpatch
For reference, the patch Debian applied.
Arches, please test and mark stable:
=mail-filter/libspf2-1.2.8
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Already stabled : "alpha amd64 ia64 ppc ppc64 sparc x86"
Missing keywords: "hppa"
hppa stable
not so fast with the closing...
GLSA 200810-03