[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Changed in: exim4 (Debian) Status: Unknown = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/exim/+bug/779391/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
This bug was fixed in the package exim4 - 4.76-1ubuntu1 --- exim4 (4.76-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes (LP: #779391): - debian/control: Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be the default. exim4 (4.76-1) unstable; urgency=low * New upstream version. * Drop 80_match_isinlist.diff (included upstream). exim4 (4.76~RC1-3) experimental; urgency=low * 80_match_isinlist.diff pulled from upstream git. exim4 (4.76~RC1-2) experimental; urgency=low * Fix testsuite error. * Disable verification of DKIM signatures if DC_minimaldns or the (newly added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764 * [lintian] Drop useless comments from debian/watch. exim4 (4.76~RC1-1) experimental; urgency=low * New upstream version. * Drop superfluous patches. 80_ldap_require_cert-work.diff 81_negatebool.diff 82_dkimpercent.diff * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage update-exim4defaults.8.gz allows to allows one to). * [debian/minimaltest]: Added. Try to run a minimal functionality test after building exim. (Currently only supported if the build-system has a Debian-exim user.) exim4 (4.75-3) unstable; urgency=high * [debian/rules] Fix dependencies and targets, speeding up package build. Previously everything was compiled twice. * Patches pulled from upstream git: +81_negatebool.diff Negating the $bool expansion condition did not work. +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670 (CVE-2011-1764) -- Stephane Graber stgra...@ubuntu.com Mon, 23 May 2011 12:37:30 -0400 ** Changed in: exim4 (Ubuntu Oneiric) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
This bug was fixed in the package exim4 - 4.74-1ubuntu1.1 --- exim4 (4.74-1ubuntu1.1) natty-security; urgency=low * SECURITY UPDATE: format string vulnerability (LP: #779391) - debian/patches/85_CVE-2011-1764.patch: patch from upstream - CVE-2011-1764 -- Felix Geyer debfx-...@fobos.de Sun, 08 May 2011 15:31:05 +0200 ** Changed in: exim4 (Ubuntu Natty) Status: Fix Committed = Fix Released ** Changed in: exim4 (Ubuntu Maverick) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
This bug was fixed in the package exim4 - 4.72-1ubuntu1.2 --- exim4 (4.72-1ubuntu1.2) maverick-security; urgency=low * SECURITY UPDATE: format string vulnerability (LP: #779391) - debian/patches/85_CVE-2011-1764.patch: patch from upstream - CVE-2011-1764 -- Kees Cook k...@ubuntu.com Mon, 09 May 2011 16:51:44 -0700 ** Changed in: exim4 (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
This bug was fixed in the package exim4 - 4.71-3ubuntu1.2 --- exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: format string vulnerability (LP: #779391) - debian/patches/85_CVE-2011-1764.patch: patch from upstream - CVE-2011-1764 -- Felix Geyer debfx-...@fobos.de Sun, 08 May 2011 15:31:05 +0200 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Branch linked: lp:ubuntu/maverick-security/exim4 ** Branch linked: lp:ubuntu/natty-security/exim4 ** Branch linked: lp:ubuntu/lucid-security/exim4 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
AAaargh. Who reimplements sprintf!? I am working on hardy and dapper now. Will have this uploaded shortly. Thanks for double-checking and getting the Lucid and Oneiric patches ready! At least full ASLR (PIE[1]) is in place in Lucid and later, so exploiting this is difficult, but not impossible. [1] https://wiki.ubuntu.com/Security/Features#pie -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Er, nevermind, DKIM was added after Hardy. ** Also affects: exim4 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: exim4 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: exim4 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: exim4 (Ubuntu Oneiric) Importance: Undecided Status: Triaged ** Changed in: exim4 (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: exim4 (Ubuntu Maverick) Status: New = Fix Committed ** Changed in: exim4 (Ubuntu Natty) Status: New = Fix Committed ** Changed in: exim4 (Ubuntu Oneiric) Status: Triaged = In Progress ** Changed in: exim4 (Ubuntu Lucid) Importance: Undecided = Medium ** Changed in: exim4 (Ubuntu Maverick) Importance: Undecided = Medium ** Changed in: exim4 (Ubuntu Natty) Importance: Undecided = Medium ** Changed in: exim4 (Ubuntu Oneiric) Importance: Undecided = Medium ** Changed in: exim4 (Ubuntu Lucid) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: exim4 (Ubuntu Maverick) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: exim4 (Ubuntu Natty) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: exim4 (Ubuntu Oneiric) Assignee: (unassigned) = Kees Cook (kees) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Bug watch added: Debian Bug tracker #624670 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 ** Also affects: exim4 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 Importance: Unknown Status: Unknown ** Bug watch added: bugs.exim.org/ #1106 http://bugs.exim.org/show_bug.cgi?id=1106 ** Also affects: exim via http://bugs.exim.org/show_bug.cgi?id=1106 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Changed in: exim4 (Ubuntu) Status: New = Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Changed in: exim Status: Unknown = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Affects lucid - oneiric (exim4 = 4.70). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Fix for oneiric by merging 4.75-3 from Debian. ** Patch added: exim4_4.75-3ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/779391/+attachment/2119702/+files/exim4_4.75-3ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
debdiff for lucid ** Patch added: exim4_4.71-3ubuntu1.2.debdiff https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/779391/+attachment/2119726/+files/exim4_4.71-3ubuntu1.2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs