Your message dated Wed, 17 Sep 2008 23:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#495789: fixed in milter-greylist 3.0-3.1
has caused the Debian Bug report #495789,
regarding milter-greylist has rpath to insecure location (yes/lib)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
495789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495789
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: milter-greylist
Version: 3.0-3+b1
Severity: serious
Tags: security

Hello Cord,
milter-greylist includes a binary /usr/sbin/milter-greylist with a rpath
pointing to yes/lib.

chrpath /usr/sbin/milter-greylist
/usr/sbin/milter-greylist: RPATH=yes/lib

This allows an attacker with write access to the current working
directory where /usr/sbin/milter-greylist is started to create a
directory yes/lib and add modified libraries which will be loaded when
someone else runs milter-greylist.

Cheers,

-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 



--- End Message ---
--- Begin Message ---
Source: milter-greylist
Source-Version: 3.0-3.1

We believe that the bug you reported is fixed in the latest version of
milter-greylist, which is due to be installed in the Debian FTP archive:

milter-greylist_3.0-3.1.diff.gz
  to pool/main/m/milter-greylist/milter-greylist_3.0-3.1.diff.gz
milter-greylist_3.0-3.1.dsc
  to pool/main/m/milter-greylist/milter-greylist_3.0-3.1.dsc
milter-greylist_3.0-3.1_i386.deb
  to pool/main/m/milter-greylist/milter-greylist_3.0-3.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Lichtenheld <[EMAIL PROTECTED]> (supplier of updated milter-greylist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 14 Sep 2008 00:51:28 +0200
Source: milter-greylist
Binary: milter-greylist
Architecture: source i386
Version: 3.0-3.1
Distribution: unstable
Urgency: high
Maintainer: Cord Beermann <[EMAIL PROTECTED]>
Changed-By: Frank Lichtenheld <[EMAIL PROTECTED]>
Description: 
 milter-greylist - GreyList milter for sendmail
Closes: 495789
Changes: 
 milter-greylist (3.0-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix configure call so that no unsafe rpath is added to the
     binaries (closes: #495789)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjRjBwACgkQQbn06FtxPfD4yACeLL5HraSuCpkminUEUnkW9zGG
gGMAoPQZqPywaIDdb7O0sdicOCBxOOvl
=A1Ux
-----END PGP SIGNATURE-----



--- End Message ---
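
An added example, not part of the original messages or of any Debian tooling: a Python check over chrpath-style output that flags RPATH/RUNPATH entries like the yes/lib reported above. It goes slightly beyond the report by accepting $ORIGIN-based entries and by flagging entries under world-writable directories; the WORLD_WRITABLE list and every sample line except the first are assumptions made for this example.

```python
import re

# Line format taken from the chrpath output quoted in the report:
#   <file>: RPATH=<colon-separated directories>
LINE = re.compile(r"^(?P<file>.+?): (?P<tag>RPATH|RUNPATH)=(?P<dirs>.*)$")

# Assumption for this example: directories any local user can write to.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")


def check_entry(entry):
    """Return a reason string if the search-path entry is unsafe, else None."""
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # resolved relative to the binary, not the working directory
    if not entry.startswith("/"):
        # Relative entries such as yes/lib depend on where the program is started.
        return "not an absolute path"
    for root in WORLD_WRITABLE:
        if entry == root or entry.startswith(root + "/"):
            return "under world-writable " + root
    return None


def audit(lines):
    """Return (file, tag, entry, reason) for every unsafe entry found."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # lines without an RPATH/RUNPATH value are skipped
        for entry in m.group("dirs").split(":"):
            reason = check_entry(entry)
            if reason:
                findings.append((m.group("file"), m.group("tag"), entry, reason))
    return findings


# First line is from the report; the rest are constructed sample data.
SAMPLE = """\
/usr/sbin/milter-greylist: RPATH=yes/lib
/usr/bin/example-a: RUNPATH=/usr/lib/example
/usr/bin/example-b: RPATH=$ORIGIN/../lib:/tmp/build/lib
/usr/bin/example-c: no rpath or runpath tag found.
""".splitlines()

if __name__ == "__main__":
    for file, tag, entry, reason in audit(SAMPLE):
        print(f"{file}: {tag} entry {entry!r} is {reason}")
```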
