Bug#624670: marked as done (exim4 dkim plugin - % in dkim signature logged to paniclog)

Debian Bug Tracking System Sat, 07 May 2011 14:30:24 -0700

Your message dated Sat, 07 May 2011 21:27:08 +0000
with message-id <[email protected]>
and subject line Bug#624670: fixed in exim4 4.72-6+squeeze1
has caused the Debian Bug report #624670,
regarding exim4 dkim plugin - % in dkim signature logged to paniclog
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
624670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: exim4
Version: 4.72-6
Severity: normal

Exim wrongly interprets % in a dkim sig, and logs to the paniclog

This issue has been reported upstream to the exim maintainers and a fix pushed

http://bugs.exim.org/show_bug.cgi?id=1106

thanks
--srs


-- Package-specific info:
Exim version 4.72 #1 built 31-Jan-2011 19:18:08
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.30: (April  9, 2010)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS 
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch 
ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='none'
dc_other_hostnames='frodo.hserus.net'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:frodo.hserus.net

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  exim4-base                    4.72-6     support files for all Exim MTA (v4
ii  exim4-daemon-heavy            4.72-6     Exim MTA (v4) daemon with extended

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:

--- End Message ---

--- Begin Message ---

Source: exim4
Source-Version: 4.72-6+squeeze1

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive:

exim4-base_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-base_4.72-6+squeeze1_i386.deb
exim4-config_4.72-6+squeeze1_all.deb
  to main/e/exim4/exim4-config_4.72-6+squeeze1_all.deb
exim4-daemon-heavy-dbg_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-daemon-heavy-dbg_4.72-6+squeeze1_i386.deb
exim4-daemon-heavy_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-daemon-heavy_4.72-6+squeeze1_i386.deb
exim4-daemon-light-dbg_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-daemon-light-dbg_4.72-6+squeeze1_i386.deb
exim4-daemon-light_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-daemon-light_4.72-6+squeeze1_i386.deb
exim4-dbg_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-dbg_4.72-6+squeeze1_i386.deb
exim4-dev_4.72-6+squeeze1_i386.deb
  to main/e/exim4/exim4-dev_4.72-6+squeeze1_i386.deb
exim4_4.72-6+squeeze1.debian.tar.gz
  to main/e/exim4/exim4_4.72-6+squeeze1.debian.tar.gz
exim4_4.72-6+squeeze1.dsc
  to main/e/exim4/exim4_4.72-6+squeeze1.dsc
exim4_4.72-6+squeeze1_all.deb
  to main/e/exim4/exim4_4.72-6+squeeze1_all.deb
eximon4_4.72-6+squeeze1_i386.deb
  to main/e/exim4/eximon4_4.72-6+squeeze1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Thu, 05 May 2011 19:11:00 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy 
exim4-daemon-custom eximon4 exim4-dbg exim4-daemon-light-dbg 
exim4-daemon-heavy-dbg exim4-daemon-custom-dbg exim4-dev
Architecture: source i386 all
Version: 4.72-6+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Exim4 Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Description: 
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-custom - custom Exim MTA (v4) daemon with locally set features
 exim4-daemon-custom-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including 
exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA (v4) packages
 exim4-dbg  - debugging symbols for the Exim MTA (v4) packages
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 624670
Changes: 
 exim4 (4.72-6+squeeze1) stable-security; urgency=high
 .
   * [82_dkimpercent.diff] Pulled from upstream git. Don't pass DKIM compound
     log line as format string. CVE-2011-1764. Closes: #624670
Checksums-Sha1: 
 fde07e3632e89ae3e000ccf4d083ff166c245846 1635 exim4_4.72-6+squeeze1.dsc
 261c02c95b4d3aada73840b01f836e6874841c44 2009776 exim4_4.72.orig.tar.gz
 10de66fbd3fff8e28239c1618e4841b522e4c08a 593095 
exim4_4.72-6+squeeze1.debian.tar.gz
 58fed0fe866539232fe96ae4968e76cfea97f7dd 1008962 
exim4-base_4.72-6+squeeze1_i386.deb
 dca8211464e50e2c3886a065ef696dda3281d2c1 188468 
eximon4_4.72-6+squeeze1_i386.deb
 5b0bb330b581db51b262dd29975a2dd51e6b9ba7 549226 
exim4-daemon-light_4.72-6+squeeze1_i386.deb
 76c77df80195acd53a1cfd390fc7b115ba81ed38 598418 
exim4-daemon-heavy_4.72-6+squeeze1_i386.deb
 69b681164db9905ca77cba105f5ffc08a25ae790 809608 
exim4-daemon-light-dbg_4.72-6+squeeze1_i386.deb
 ee43fe143f82ce3e4d47bab945cbd7567c821d03 896858 
exim4-daemon-heavy-dbg_4.72-6+squeeze1_i386.deb
 11799cdb4a7e0875e715fa96eb50139cdd6d896b 354968 
exim4-dbg_4.72-6+squeeze1_i386.deb
 02e3705913f534b2f8c7b3998dac2693b145c333 160676 
exim4-dev_4.72-6+squeeze1_i386.deb
 322a56c39d3828b607b231f5726263ff4ea9c23d 464114 
exim4-config_4.72-6+squeeze1_all.deb
 459affb499c0cd391cda7fd0916116f3a1b6319a 7802 exim4_4.72-6+squeeze1_all.deb
Checksums-Sha256: 
 7e45607e32af4a6aab2d8350cc790b69dafa1907c916f16b399c0f20372de765 1635 
exim4_4.72-6+squeeze1.dsc
 029c7e78417c6b991c8a505e329854ced4c153b03c51c15748e5b023e691bfcb 2009776 
exim4_4.72.orig.tar.gz
 f9bdd1cb51968cf63af3a67be18f48b425ab4e17530267d9620c4ca3023dbc87 593095 
exim4_4.72-6+squeeze1.debian.tar.gz
 4bdcfb03d784d897ea4790b4f34fb9a4d4fc944ae05be6477cf8652c4f580de9 1008962 
exim4-base_4.72-6+squeeze1_i386.deb
 ce84ef90bf5bf0ce18a558b0d695de4243dff2532fdb076976ef35636b07e25a 188468 
eximon4_4.72-6+squeeze1_i386.deb
 a5fb55c19bf7f0e9d65663a85ec0d89cefa13d0b970066f0b8ddb02a2a0ab448 549226 
exim4-daemon-light_4.72-6+squeeze1_i386.deb
 9758c9113b692f1bade881486b36cf9c8c672158a08b59cc8e99b440a9098a14 598418 
exim4-daemon-heavy_4.72-6+squeeze1_i386.deb
 0929d3c92a935674c513e1f4fb1c4097027f0e51f57ab7667d9db8fe98e5a40b 809608 
exim4-daemon-light-dbg_4.72-6+squeeze1_i386.deb
 bc26e2b216680db48a83eba1f4d88a178a3a2c52224299f9ff21394402da065a 896858 
exim4-daemon-heavy-dbg_4.72-6+squeeze1_i386.deb
 42136564dd66fdc4f5835c19eddbc54f38da98a5fd076382ff592813c0b4c5f2 354968 
exim4-dbg_4.72-6+squeeze1_i386.deb
 705f1c47f32511f45bd6785e85c6ecbb6ba8be89180ad28a0d28417f1510409e 160676 
exim4-dev_4.72-6+squeeze1_i386.deb
 786ca6d8d22e46fbaa4b783185eee2881220661d7c78d6e2a191b99b1490d60b 464114 
exim4-config_4.72-6+squeeze1_all.deb
 88965f561d9d7f3482c06b31eb11298d1db56db699c5fa0c4fc510b42bdba586 7802 
exim4_4.72-6+squeeze1_all.deb
Files: 
 5c784ba7cc4f50a0a86276fb449fb3b6 1635 mail standard exim4_4.72-6+squeeze1.dsc
 ef5f78399eb75b84ea453e8f8722e2d2 2009776 mail standard exim4_4.72.orig.tar.gz
 8c07ddc7b0e1b80fab494046f9695726 593095 mail standard 
exim4_4.72-6+squeeze1.debian.tar.gz
 2cd73f246e871d08f2b6cab1d6b752df 1008962 mail standard 
exim4-base_4.72-6+squeeze1_i386.deb
 40b91c2e2862db2be1c5af1e4ca57813 188468 mail optional 
eximon4_4.72-6+squeeze1_i386.deb
 f69e67983be8f68401e8c0d94153fb7a 549226 mail standard 
exim4-daemon-light_4.72-6+squeeze1_i386.deb
 85090c661830075b3ef1eead71b99f07 598418 mail optional 
exim4-daemon-heavy_4.72-6+squeeze1_i386.deb
 e67c7bb3ed3f20a412664ada0096b532 809608 debug extra 
exim4-daemon-light-dbg_4.72-6+squeeze1_i386.deb
 e7498f70d30054d4aeb16d07cac06193 896858 debug extra 
exim4-daemon-heavy-dbg_4.72-6+squeeze1_i386.deb
 0675c0295f83cfa42861c4cf08495396 354968 debug extra 
exim4-dbg_4.72-6+squeeze1_i386.deb
 d4b5d1dc599b13db46bf9967da5ddcb6 160676 mail extra 
exim4-dev_4.72-6+squeeze1_i386.deb
 c3afb08f83b468b79ea85f7af6a01327 464114 mail standard 
exim4-config_4.72-6+squeeze1_all.deb
 f54e9f36be1c1407c71f800b6d5edab1 7802 mail standard 
exim4_4.72-6+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAk3C5BIACgkQHTOcZYuNdmMWVgCeKy/hlJl+QALRQhhi4YBggkSR
8UMAnRH/mEaGeyLO/AAA0Rz155d3+0j8
=iPAo
-----END PGP SIGNATURE-----

--- End Message ---

Bug#624670: marked as done (exim4 dkim plugin - % in dkim signature logged to paniclog)

Reply via email to