Your message dated Sun, 15 May 2005 13:17:04 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#308031: fixed in mailutils 1:0.6.1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 May 2005 12:56:11 +0000
>From [EMAIL PROTECTED] Sat May 07 05:56:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from master.debian.org [146.82.138.7] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DUOqo-0007LW-00; Sat, 07 May 2005 05:56:10 -0700
Received: from bsn-77-143-219.dsl.siol.net [193.77.143.219] 
        by master.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DUOqn-00018f-00; Sat, 07 May 2005 07:56:09 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Primoz Bratanic <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mailutils: sql injection vulnerability in sql authentication module
X-Mailer: reportbug 3.11
Date: Sat, 07 May 2005 14:56:21 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=ham 
        version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: mailutils
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


In /auth/sql.c there is a function sql_escape_string (...) which does
escaping of "bad" characters before feeding them to DB. The problem is that
function only escapes characters ' and " (strchr ("'\"", *p)), but not \ .
Which results in problems like ... username = foo\' something being
"escaped" to username = foo \\' something which makes \ character literal
but allows escape and subsequent injection.

Solution: add \ to list of characters to be escaped.

Primoz Bratanic 


- -- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCfLr1HOuqnSwJthERAtZ7AJ4smJo9XKnoerYg0kpbhE/m6hig/QCg7TMl
5QeXbrluYR7K/r0bS4+zYnk=
=RcZc
-----END PGP SIGNATURE-----

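Added example, not code from mailutils or from the reporter: a reconstruction, based only on the description in the report above, of an escape routine that handles ' and " but not \, beside the corrected routine that escapes \ as well, plus a small scanner that checks whether the escaped value could still break out of a quoted SQL literal. Function names and the scanner are hypothetical; the input is the report's own foo\' something shape.

```c
/* Added example (not mailutils' own code): reconstructed from the bug
 * report's description; all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Prefix every character found in `special` with a backslash.
 * Returns a newly malloc'd string (caller frees), or NULL on failure. */
static char *escape_with(const char *s, const char *special)
{
    size_t len = strlen(s);
    /* Worst case every character is escaped: twice the length plus NUL. */
    char *out = malloc(2 * len + 1);
    char *q;
    const char *p;

    if (out == NULL)
        return NULL;
    for (p = s, q = out; *p; p++) {
        if (strchr(special, *p))
            *q++ = '\\';
        *q++ = *p;
    }
    *q = '\0';
    return out;
}

/* Behaviour described in the report: only the two quote characters
 * are escaped, so a backslash in the input passes through untouched. */
char *sql_escape_string_buggy(const char *s)
{
    return escape_with(s, "'\"");
}

/* The fix described in the report: the backslash is escaped too. */
char *sql_escape_string_fixed(const char *s)
{
    return escape_with(s, "'\"\\");
}

/* Scan an escaped value as it would sit between '...' in a
 * backslash-escaping SQL dialect: a backslash consumes the next
 * character, so an unescaped single quote ends the literal early,
 * and a trailing lone backslash would swallow the closing quote.
 * Returns 1 if either happens (the literal is malformed), else 0. */
int quoted_literal_malformed(const char *escaped)
{
    const char *p;
    for (p = escaped; *p; p++) {
        if (*p == '\\') {
            if (p[1] == '\0')
                return 1;       /* trailing backslash escapes the closing quote */
            p++;                /* consume the escaped character */
            continue;
        }
        if (*p == '\'')
            return 1;           /* unescaped quote terminates the literal */
    }
    return 0;
}

int main(void)
{
    /* Constructed input in the report's shape: foo\' something */
    const char *input = "foo\\' something";
    char *buggy = sql_escape_string_buggy(input);
    char *fixed = sql_escape_string_fixed(input);

    if (buggy == NULL || fixed == NULL)
        return 1;
    printf("input : %s\n", input);
    printf("buggy : %s  -> malformed literal: %d\n", buggy, quoted_literal_malformed(buggy));
    printf("fixed : %s  -> malformed literal: %d\n", fixed, quoted_literal_malformed(fixed));
    free(buggy);
    free(fixed);
    return 0;
}
```

With the buggy routine the input becomes foo\\' something: the doubled backslash is one literal backslash and the quote that follows is unescaped. With the fix it becomes foo\\\' something, where the third backslash protects the quote. The scanner is the check a reviewer would want in a unit test for any hand-written escaper; in practice the safer option is a parameterised query or the database client's own escaping function.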
---------------------------------------
Received: (at 308031-close) by bugs.debian.org; 15 May 2005 17:23:36 +0000
>From [EMAIL PROTECTED] Sun May 15 10:23:36 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DXMq0-0005x4-00; Sun, 15 May 2005 10:23:36 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DXMjg-00050M-00; Sun, 15 May 2005 13:17:04 -0400
From: Jordi Mallach <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#308031: fixed in mailutils 1:0.6.1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 15 May 2005 13:17:04 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 3

Source: mailutils
Source-Version: 1:0.6.1-2

We believe that the bug you reported is fixed in the latest version of
mailutils, which is due to be installed in the Debian FTP archive:

libmailutils0-dev_0.6.1-2_i386.deb
  to pool/main/m/mailutils/libmailutils0-dev_0.6.1-2_i386.deb
libmailutils0_0.6.1-2_i386.deb
  to pool/main/m/mailutils/libmailutils0_0.6.1-2_i386.deb
mailutils-comsatd_0.6.1-2_i386.deb
  to pool/main/m/mailutils/mailutils-comsatd_0.6.1-2_i386.deb
mailutils-doc_0.6.1-2_all.deb
  to pool/main/m/mailutils/mailutils-doc_0.6.1-2_all.deb
mailutils-imap4d_0.6.1-2_i386.deb
  to pool/main/m/mailutils/mailutils-imap4d_0.6.1-2_i386.deb
mailutils-mh_0.6.1-2_i386.deb
  to pool/main/m/mailutils/mailutils-mh_0.6.1-2_i386.deb
mailutils-pop3d_0.6.1-2_i386.deb
  to pool/main/m/mailutils/mailutils-pop3d_0.6.1-2_i386.deb
mailutils_0.6.1-2.diff.gz
  to pool/main/m/mailutils/mailutils_0.6.1-2.diff.gz
mailutils_0.6.1-2.dsc
  to pool/main/m/mailutils/mailutils_0.6.1-2.dsc
mailutils_0.6.1-2_i386.deb
  to pool/main/m/mailutils/mailutils_0.6.1-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <[EMAIL PROTECTED]> (supplier of updated mailutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 15 May 2005 17:35:58 +0200
Source: mailutils
Binary: mailutils-mh mailutils-imap4d mailutils-comsatd mailutils 
libmailutils0-dev libmailutils0 mailutils-pop3d mailutils-doc
Architecture: source i386 all
Version: 1:0.6.1-2
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <[EMAIL PROTECTED]>
Changed-By: Jordi Mallach <[EMAIL PROTECTED]>
Description: 
 libmailutils0 - GNU Mail abstraction library
 libmailutils0-dev - Development files for GNU mailutils
 mailutils  - GNU mailutils utilities for handling mail
 mailutils-comsatd - GNU mailutils-based comsatd daemon
 mailutils-doc - Documentation for GNU mailutils
 mailutils-imap4d - GNU mailutils-based IMAP4 Daemon
 mailutils-mh - GNU mailutils-based MH utilities
 mailutils-pop3d - GNU mailutils-based POP3 Daemon
Closes: 265490 300869 308031
Changes: 
 mailutils (1:0.6.1-2) unstable; urgency=HIGH
 .
   * debian/patches/01_mail_metamail.patch: patch from CVS to allow decoding
     of mail without interpreting MIME parts if "metamail" is unset. Sergey
     thinks that this is the cause for the random testsuite failures
     (closes: #265490).
   * [SECURITY] debian/patches/02_sql_injection.patch: add "\" to the list
     of escaped characters, to fix a sql injection vulnerability in the
     SQL authentication module (thanks, Primoz Bratanic; closes: #308031).
   * debian/patches/03_imap4d_gcc4_ftbfs.patch: patch from Andreas Jochens to
     fix a FTBFS on amd64/gcc-4.0 (closes: #300869).
Files: 
 df6f0e7a8dfdd01571c9723eb80497da 1093 libs optional mailutils_0.6.1-2.dsc
 05d1fd3d877a0d697c87166cbef9cfd2 26522 libs optional mailutils_0.6.1-2.diff.gz
 6c1022b1d8eea60296220ed2201a9754 284986 doc optional 
mailutils-doc_0.6.1-2_all.deb
 d6498509b7799798cbf9aab636e475ae 546082 libs optional 
libmailutils0_0.6.1-2_i386.deb
 3d2b799e83a5c6cffabaecb7887ae6d5 367898 libdevel optional 
libmailutils0-dev_0.6.1-2_i386.deb
 029c10fd6d4ad5b1f6202b3d7542f8a6 143196 mail optional 
mailutils_0.6.1-2_i386.deb
 1a5d95cda66e00acd7c872b71ac72898 74478 net optional 
mailutils-imap4d_0.6.1-2_i386.deb
 821280b478529a3403ff1c202c943e44 60122 net optional 
mailutils-pop3d_0.6.1-2_i386.deb
 d25f6c517d4ae139d0bf6bb5fbd58f8a 46222 net optional 
mailutils-comsatd_0.6.1-2_i386.deb
 c43075f68861b53849de547e9193e058 647820 mail optional 
mailutils-mh_0.6.1-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCh38SJYSUupF6Il4RApb5AJ9+qGP1g3CBdQXzlxadBgWbNusrywCghkq4
RzlyeY+GjbqoHB4ElCFQaEs=
=AguP
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]