Bug 136990 - mail-filter/bogofilter <0.96.3 - Multiple Remote Buffer Overflow Vulnerabilities (CVE-2005-4591, CVE-2005-4592)
Status: RESOLVED DUPLICATE of bug 118414
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Reported: 2006-06-16 07:57 UTC by Ed Davison
Modified: 2006-06-22 11:21 UTC

Description Ed Davison 2006-06-16 07:57:48 UTC
The default, non-masked version of bogofilter has a security vulnerability and needs to be updated in portage so it is not installed by default. A non-vulnerable version, 1.0.1, exists in portage, but it is masked for all arches.


Here is the info on this from SecurityFocus (http://www.securityfocus.com/bid/16171/info):

Bogofilter Multiple Remote Buffer Overflow Vulnerabilities

Bugtraq ID: 	16171
Class: 	Boundary Condition Error
CVE: 	CVE-2005-4591, CVE-2005-4592
Remote: 	Yes
Local: 	No
Published: 	Jan 09 2006 12:00AM
Updated: 	Jun 15 2006 04:46PM
Credit: 	David Relson and Clint Adams are credited with the discovery of these vulnerabilities.
Vulnerable: 	
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
Conectiva Linux 10.0
Bogofilter Email Filter 0.96.2
Bogofilter Email Filter 0.95.2
Bogofilter Email Filter 0.94.14
Bogofilter Email Filter 0.94.12
Bogofilter Email Filter 0.93.5
Not Vulnerable: 	
Bogofilter Email Filter 1.0.1
Bogofilter Email Filter 1.0 .0
Bogofilter Email Filter 0.96.6
Bogofilter Email Filter 0.96.3
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-16 08:17:11 UTC
Bah, stupid fingers (sorry for the bugspam).

net-mail please advise.
Comment 2 Torsten Veller (RETIRED) gentoo-dev 2006-06-20 04:33:39 UTC
Is this a dup of bug #118414?
What does the line "Updated: Jun 15 2006 04:46PM" mean? What was updated?

118414 states that
|   bogofilter 0.96.2
|   CVS between 2005-09-08T02:49Z and 2005-10-23T15:16Z
and
|   bogofilter 0.96.2
|   bogofilter 0.95.2
|   bogofilter 0.94.14
|   bogofilter 0.94.12
|   all "current" versions from 0.93.5 to 0.96.2 inclusively
|   CVS between 2005-01-09T17:32Z and 2005-10-22T00:51Z
|   CVS between 2005-12-31T10:22Z and 2005-12-31T12:45Z
are affected. So we are not affected (release 0.92.8).

Sorry, I haven't seen this bug report earlier.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-22 11:21:04 UTC
Indeed seems like a dupe. Versions got us tricked again I guess.

*** This bug has been marked as a duplicate of 118414 ***