Your message dated Mon, 27 Jun 2005 22:53:51 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#314433: fixed in razor 2.720-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Jun 2005 08:40:58 +0000
>From [EMAIL PROTECTED] Thu Jun 16 01:40:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from spamkiller.syso.ch [213.188.32.179]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Dipvm-0008KZ-00; Thu, 16 Jun 2005 01:40:58 -0700
Received: from spamkiller.syso.ch (localhost [127.0.0.1])
by spamkiller.syso.ch (8.13.4/8.13.4/ScoutNet-Spam-Virus-Wall) with
ESMTP id j5G8ejwO009717
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <[EMAIL PROTECTED]>; Thu, 16 Jun 2005 10:40:48 +0200
Received: (from [EMAIL PROTECTED])
by spamkiller.syso.ch (8.13.4/8.13.4/Submit) id j5G8ejq5009716;
Thu, 16 Jun 2005 10:40:45 +0200
Message-Id: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Benoit Panizzon <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: crafted emails get razor to segfault
X-Mailer: reportbug 3.8
Date: Thu, 16 Jun 2005 10:40:44 +0200
X-SNCH-Virus-Status: NO, scantime="0.0053 seconds"
X-Spam-Checksum: aecbba154787dec947ad7291a180c487
X-SNCH-SpamassassinHits: -0.199
X-SNCH-SpamTests: BAYES_50,SPF_HELO_PASS,SPF_PASS
X-SNCH-Scantime: "7.3224 seconds"
X-SNCH-Report: ---- Start der SNCH-SpamAssassin Auswertung
-0.1 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 SPF_PASS SPF: sender matches SPF record
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
---- Ende der SNCH-SpamAssassin Auswertung
X-Scanned-By: MIMEDefang 2.51 on 213.188.32.179
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: razor
Version: 2.670-1
Severity: grave
Tags: patch
Justification: causes non-serious data loss
Hi Razor Maintainer
Special crafted emails can be used to DOS razor.
Some examples of such emails can be found on:
http://sourceforge.net/mailarchive/forum.php?thread_id=7244345&forum_id=10149
The Problem has been fixed in Razor 2.71:
http://razor.sourceforge.net/
Regards
-Benoit-
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages razor depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdigest-hmac-perl 1.01-3 create standard message integrity
pn libdigest-md5-perl Not found.
ii libdigest-nilsimsa-perl 0.06-2 Nilsimsa message digest algorithm
ii libdigest-sha1-perl 2.10-1 NIST SHA-1 message digest algorith
pn libmime-base64-perl Not found.
ii libnet-dns-perl 0.48-1 Perform DNS queries from a Perl sc
ii liburi-perl 1.35-1 Manipulates and accesses URI strin
ii perl [libtime-hires-perl] 5.8.4-8 Larry Wall's Practical Extraction
ii perl-modules [libtest-simpl 5.8.4-8 Core Perl modules
-- no debconf information
---------------------------------------
Received: (at 314433-close) by bugs.debian.org; 28 Jun 2005 03:09:59 +0000
>From [EMAIL PROTECTED] Mon Jun 27 20:09:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Dn6U3-0008Oo-00; Mon, 27 Jun 2005 20:09:59 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Dn6ER-0008J6-00; Mon, 27 Jun 2005 22:53:51 -0400
From: Corrin Lakeland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#314433: fixed in razor 2.720-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 27 Jun 2005 22:53:51 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: razor
Source-Version: 2.720-1
We believe that the bug you reported is fixed in the latest version of
razor, which is due to be installed in the Debian FTP archive:
razor_2.720-1.diff.gz
to pool/main/r/razor/razor_2.720-1.diff.gz
razor_2.720-1.dsc
to pool/main/r/razor/razor_2.720-1.dsc
razor_2.720-1_powerpc.deb
to pool/main/r/razor/razor_2.720-1_powerpc.deb
razor_2.720.orig.tar.gz
to pool/main/r/razor/razor_2.720.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Corrin Lakeland <[EMAIL PROTECTED]> (supplier of updated razor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 24 Jun 2005 10:21:35 +1200
Source: razor
Binary: razor
Architecture: source powerpc
Version: 2.720-1
Distribution: unstable
Urgency: medium
Maintainer: Corrin Lakeland <[EMAIL PROTECTED]>
Changed-By: Corrin Lakeland <[EMAIL PROTECTED]>
Description:
razor - spam-catcher using a collaborative filtering network
Closes: 314433
Changes:
razor (2.720-1) unstable; urgency=medium
.
* New upstream
* Fix to corrupted emails crashing razor (Closes: #314433)
This fix is a hack (from freeBSD). Hopefully the next version will fix
the issue correctly. The version of razor released with stable (2.67) is
not vulnerable to the particular emails that crash 2.7, but it is believed
to be possible to create an email that would crash 2.67.
* Sys-syslog logging (Bug: #295727) is still broken in this release.
I wanted to get this release out quickly to avoid the potential DOS attack.
Files:
2d85f90c3f9d1cbacae14725a031335e 644 mail optional razor_2.720-1.dsc
cf118fd9d7e5357a2f9b9c8d90fb7096 88479 mail optional razor_2.720.orig.tar.gz
4a1697f87937b68dc621e8b3c67ad82d 10741 mail optional razor_2.720-1.diff.gz
59400a0d40fffd2fd1dafcdbfe1fd4be 117218 mail optional razor_2.720-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCuzyki5A0ZsG8x8cRAty/AJ9tutAzpYmxgbqOGo5HyJzLOJMmPwCfaDMf
GdBFSowBkkFIwDuU/fuT1CM=
=3qP1
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
