Launchpad has imported 8 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=883358.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-12-04T11:59:01+00:00 Jan wrote: A heap-based buffer overflow flaw was found in the way bogolexer component of Bogofilter, fast anti-spam filtering tool by Bayesian statistical analysis, performed decoding of certain base64 strings. A remote attacker could provide a specially-crafted base64 code (decoding to incomplete multibyte characters) that, when processed, would lead to bogolexer executable crash or, potentially, arbitrary code execution with the privileges of the user running the binary. Upstream advisory: [1] http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 References: [2] http://www.openwall.com/lists/oss-security/2012/12/03/13 Relevant upstream patch: [3] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973 Reproducer / regression test: [4] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975 Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/0 ------------------------------------------------------------------------ On 2012-12-04T12:00:51+00:00 Jan wrote: This issue affects the versions of the bogofilter package, as shipped with Fedora release of 16 and 17. Please schedule an update. -- This issue affects the versions of the bogofilter package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/1 ------------------------------------------------------------------------ On 2012-12-04T12:02:14+00:00 Jan wrote: Created bogofilter tracking bugs for this issue Affects: fedora-all [bug 883359] Affects: epel-all [bug 883360] Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/2 ------------------------------------------------------------------------ On 2012-12-13T05:57:14+00:00 Fedora wrote: bogofilter-1.2.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/3 ------------------------------------------------------------------------ On 2012-12-13T05:58:50+00:00 Fedora wrote: bogofilter-1.2.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/4 ------------------------------------------------------------------------ On 2012-12-21T00:32:46+00:00 Fedora wrote: bogofilter-1.2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/6 ------------------------------------------------------------------------ On 2012-12-21T00:33:58+00:00 Fedora wrote: bogofilter-1.2.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/7 ------------------------------------------------------------------------ On 2013-01-12T01:12:20+00:00 Fedora wrote: bogofilter-1.2.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/comments/9 ** Changed in: bogofilter (Fedora) Status: Unknown => Confirmed ** Changed in: bogofilter (Fedora) Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1090551 Title: bogofilter heap vulnerabilty CVE-2012-5468 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/1090551/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
