On Sun, 28 Aug 2005 13:00:19 +0200 Martin Schulze <[EMAIL PROTECTED]> wrote:
> Andres Salomon wrote:
> > On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> > > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> > >
> > > > Thanks a lot for the report. This is CAN-2005-2655.
> > > >
> > > > > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental,
> > > > > and should be easy to fix: Just add setgid(getgid()) before the
> > > > > execvp(). I tested the attached patch briefly and verified that it
> > > > > builds and prevents this bug.
> > > >
> > > > Steve, could you take care of sid and experimental packages if Joy
> > > > is too busy?
> > >
> > > Certainly. Once the advisory is out I can make an upload if Joy
> > > hasn't already made one.
> > >
> >
> > I can also do an upload; Joy already said I should comaintain, I've just
>
> Please go ahead.
>
> > been waiting for racke to do a new courier upload so that I can actually
> > use maildrop (I have new maildrop packages in experimental that're just
> > rotting away, waiting).
> >
> > Speaking of racke, has anyone checked whether courier-maildrop needs the
> > same patch?
>
> Not before your mail. However, it seems that the code is in the source
> package, but there is no lockmail binary exposed by courier, hence, no
> need to patch it as well.

There is a lockmail in courier-mta, but it is not setuid in the sarge version.

Bye
Racke

--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team