Summary: | mail-filter/libspf2 <1.2.8 DNS response buffer overflow (CVE-2008-2469) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | net-mail+disabled, summercurrants | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025 | ||||||
Whiteboard: | B1 [glsa] | ||||||
Description
Robert Buchholz (RETIRED)
2008-10-15 19:56:27 UTC
Let's get this bumped in the public tree, and proceed it via fast stabling if there are no regressions.

Robin and Tobias, since all who ever touched the package retired, I cc'ed you for net-mail.

this is semi-public.

Upstream adds:
Please note that while --enable-perl probably works, it is not yet considered stable, I suggest not adding a perl USE flag at this stage.

Following note:
One bug has been fixed and the tarball has been replaced; it has new md5sums.
md5 824d62a83e76108f8e21a39e1ae2ad62 libspf2-1.2.8.tar.gz
sha1 17180c88b3dbad98cc22d80e6f5cb5441b5f25bd libspf2-1.2.8.tar.gz

1.2.8 is in CVS.

Arch Security Liaisons, please test and mark stable:
=mail-filter/libspf2-1.2.8
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

CC'ing current Liaisons:
alpha : yoswink, armin76
amd64 : keytoaster, tester
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : fmccor
x86 : maekke, armin76

amd64 stable, exim[spf] emerges fine with it.

Sparc looks good.

(In reply to comment #8)
> Sparc looks good.

Please mark stable in-tree.

(In reply to comment #9)
> (In reply to comment #8)
> > Sparc looks good.
>
> Please mark stable in-tree.
>

Sorry, wasn't paying attention. Done for sparc.

HPPA is OK.

ppc64 stable

alpha stable.

(In reply to comment #11)
> HPPA is OK.

@jer: please go and mark it on the tree, see comments 6 and 9.

ppc stable

x86 stable

Adding gmsoft for hppa since jer is away

This is now public via:
https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1

Created attachment 168944 [details, diff]
50_dns_resolv_bufoverflow.dpatch
For reference, the patch Debian applied.

Arches, please test and mark stable:
=mail-filter/libspf2-1.2.8
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Already stabled : "alpha amd64 ia64 ppc ppc64 sparc x86"
Missing keywords: "hppa"

hppa stable

not so fast with the closing...

GLSA 200810-03

(In reply to Larry the Git Cow from comment #20)
> The bug has been referenced in the following commit(s):
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> https://happy-wheels.co
> ?id=e4104b9c4bd8cbaba4712e6a8d4e6c8d120ba5c0
>
> commit e4104b9c4bd8cbaba4712e6a8d4e6c8d120ba5c0
> Author: Fabian Groffen <grobian@gentoo.org>
> AuthorDate: 2019-08-02 06:42:47 +0000
> Commit: Fabian Groffen <grobian@gentoo.org>
> CommitDate: 2019-08-02 06:42:47 +0000
>
> mail-mta/exim: cleanup vulnerable CVE-2019-10149
>
> Bug: https://bugs.gentoo.org/687336
> Package-Manager: Portage-2.3.66, Repoman-2.3.16
> Signed-off-by: Fabian Groffen <grobian@gentoo.org>
>
> mail-mta/exim/Manifest | 2 -
> mail-mta/exim/exim-4.91-r2.ebuild | 561
> ---------------------
> .../exim/files/exim-4.74-localscan_dlopen.patch | 262 ----------
> 3 files changed, 825 deletions(-)

Thank you!