Package: postfix
Version: 2.5.5-1.1
Severity: important
CVE-2009-2939 is still affecting postfix in lenny.
There is a patch available at
http://www.openwall.com/lists/oss-security/2009/09/18/6
(quote of the patch from that page).
--
Jamie Strandboge | http://www.canonical.com
diff -u postfix-2.5.5/debian/postfix.postinst
postfix-2.5.5/debian/postfix.postinst
--- postfix-2.5.5/debian/postfix.postinst
+++ postfix-2.5.5/debian/postfix.postinst
@@ -211,9 +211,8 @@
fi
fi
-for dir in pid public; do
-makedir ${dir} postfix:root 755
-done
+makedir pid root:root 755
+makedir public postfix:root 755
for dir in incoming active bounce defer deferred flush saved corrupt; do
makedir ${dir} postfix:root 700
if [ -n $chat ]; then
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (900, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages postfix depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf- 1.5.24 Debian configuration management sy
ii dpkg 1.14.25Debian package management system
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [
ii libsasl2-22.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstra
ii libssl0.9.8 0.9.8g-15+lenny5 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii netbase 4.34 Basic TCP/IP networking system
ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
postfix recommends no packages.
Versions of packages postfix suggests:
ii libsasl2-modules 2.1.22.dfsg1-23+lenny1 Cyrus SASL - pluggable authenticat
ii mutt [mail-reader 1.5.18-6 text-based mailreader supporting M
pn postfix-cdb none (no description available)
pn postfix-ldap none (no description available)
pn postfix-mysql none (no description available)
pn postfix-pcre none (no description available)
pn postfix-pgsql none (no description available)
ii procmail 3.22-16Versatile e-mail processor
pn resolvconfnone (no description available)
pn sasl2-bin none (no description available)
pn ufw none (no description available)
-- debconf information excluded
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org