Bug#551307: CVE-2009-2939 is still affecting postfix in lenny.

2010-07-19 Thread LaMont Jones
On Thu, Jul 15, 2010 at 07:32:03PM +0200, Raoul Bhatia [IPAX] wrote:
> what about applying this patch?

Given how postfix does things internally, the exposure from this bug
is minimal to nonexistent: I doubt that it warrants a security release
for lenny.

Which would be why I haven't bothered to do anything about it.

lamont



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#551307: CVE-2009-2939 is still affecting postfix in lenny.

2010-07-15 Thread Raoul Bhatia [IPAX]
what about applying this patch?

thanks,
raoul






Bug#551307: CVE-2009-2939 is still affecting postfix in lenny.

2009-10-16 Thread david b
Package: postfix
Version: 2.5.5-1.1
Severity: important

CVE-2009-2939 is still affecting postfix in lenny.
There is a patch available at 
http://www.openwall.com/lists/oss-security/2009/09/18/6
(quote of the patch from that page).




-- 
Jamie Strandboge | http://www.canonical.com

diff -u postfix-2.5.5/debian/postfix.postinst 
postfix-2.5.5/debian/postfix.postinst
--- postfix-2.5.5/debian/postfix.postinst
+++ postfix-2.5.5/debian/postfix.postinst
@@ -211,9 +211,8 @@
 fi
  fi
   
   -for dir in pid public; do
   -makedir ${dir} postfix:root 755
   -done
   +makedir pid root:root 755
   +makedir public postfix:root 755
for dir in incoming active bounce defer deferred flush saved corrupt; do
 makedir ${dir} postfix:root 700
  if [ -n $chat ]; then
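
Review bot: the new `makedir pid root:root 755` line only closes the issue on an upgraded system if makedir also resets ownership of a pid directory that already exists as postfix:root, and makedir's body is not visible in this hunk. If makedir only creates missing directories, follow the call with an explicit chown and chmod of pid so existing lenny installs are corrected too. A one-line comment above the two new calls saying why pid is root:root while public stays postfix:root would keep the split from being folded back into a single loop later.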


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (900, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages postfix depends on:
ii  adduser           3.110                   add and remove users and groups
ii  debconf [debconf- 1.5.24                  Debian configuration management sy
ii  dpkg              1.14.25                 Debian package management system
ii  libc6             2.7-18                  GNU C Library: Shared libraries
ii  libdb4.6          4.6.21-11               Berkeley v4.6 Database Libraries [
ii  libsasl2-2        2.1.22.dfsg1-23+lenny1  Cyrus SASL - authentication abstra
ii  libssl0.9.8       0.9.8g-15+lenny5        SSL shared libraries
ii  lsb-base          3.2-20                  Linux Standard Base 3.2 init scrip
ii  netbase           4.34                    Basic TCP/IP networking system
ii  ssl-cert          1.0.23                  simple debconf wrapper for OpenSSL

postfix recommends no packages.

Versions of packages postfix suggests:
ii  libsasl2-modules  2.1.22.dfsg1-23+lenny1  Cyrus SASL - pluggable authenticat
ii  mutt [mail-reader 1.5.18-6                text-based mailreader supporting M
pn  postfix-cdb       none                    (no description available)
pn  postfix-ldap      none                    (no description available)
pn  postfix-mysql     none                    (no description available)
pn  postfix-pcre      none                    (no description available)
pn  postfix-pgsql     none                    (no description available)
ii  procmail          3.22-16                 Versatile e-mail processor
pn  resolvconf        none                    (no description available)
pn  sasl2-bin         none                    (no description available)
pn  ufw               none                    (no description available)

-- debconf information excluded


