-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.0
Source: dovecot-antispam
Binary: dovecot-antispam
Architecture: any
Version: 2.0+20130912-2
Maintainer: Ron Lee <[email protected]>
Homepage: http://johannes.sipsolutions.net/Projects/dovecot-antispam
Standards-Version: 3.9.6.0
Vcs-Browser: http://git.debian.org/?p=users/ron/dovecot-antispam.git;a=summary
Vcs-Git: git://git.debian.org/users/ron/dovecot-antispam.git
Build-Depends: debhelper (>= 5), dovecot-dev (>= 1:2.2.13-4)
Package-List:
 dovecot-antispam deb mail optional arch=any
Checksums-Sha1:
 ffd237902266f8ed57e59658e62bfc547d6ab082 30661 dovecot-antispam_2.0+20130912.orig.tar.gz
 776a45f61a6f4f191dcc8832924a8865cf5754e7 3848 dovecot-antispam_2.0+20130912-2.diff.gz
Checksums-Sha256:
 8e1d24ab1018abe9681da19da1509f0afbcdbe65f5f4ec98d65dbcc2e62df7b2 30661 dovecot-antispam_2.0+20130912.orig.tar.gz
 6e93dfcdce0439ac38c539932c4845998381273e6ed22daaeaeb5bf7cd0bcfbf 3848 dovecot-antispam_2.0+20130912-2.diff.gz
Files:
 38aaad8474c223911c3851a5616e6aa7 30661 dovecot-antispam_2.0+20130912.orig.tar.gz
 4eae885cfabb6689dcb5baa7f2d413cb 3848 dovecot-antispam_2.0+20130912-2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU6RD/AAoJECSWn9pgwHEsg1EQAJhHIzH2nTuqFyVI43eBXIFL
x3bdNu6DvO+O1nYhxkUSiCXuOUfOrSoEKHA9udlqvSbWgQzomLaz/EeVG8f/1b3S
h6Mm72vLwe9800wJupeZJhizAy8Z9hX6UcGzHkRy3rkoleWvcjbZMLuhUkfcUJ0h
D4Ap0CoRUExTTvZgxgyzMkb7+Dn+3HLxNJxBRyd1/72uUb9QW2J6gowGiTQX0FJw
LeZ+BTVqhLkeu7eGnQZFSPITwPSOKAPO1+Qi6ooKyya11/DAnunBohCfkEXCxkDH
linaaB/n30oc09XE3J7JZbArrRY2Dm4rhs1METnJfs4EchiLvFjTDLZl3IVPmGpR
EX+xJa/r2B+kZMxV7+Ys95P09c57QVa/bGjzm8fbw2XmfyJeKZRpFE9ZGkKpve6D
h4KCsw0sFt7R45ZBMpvojQSBgrSCP+VFKldam1mPtwWCPsRBltrUmWdhb1qAwStF
J3mCR5FbQqKEJ+cDfPOrD0W7uyVyDBQWEqZLrDwnW6ogdkUpDG4IqqrSxMbuRPhS
X1yJfPvhtqxO44Ze4dCiWnGOmBXwVZ+fFyikpwusmby333Tezpx663vk46aWTU9+
E4M4zKE4SNecxOI2guGWAA8a2bYVnlpwz7IqKd3sGdCGzPCjCPhzalWVO0sqpjfD
jpPZU67h2kDsA4RUlyou
=4+Li
-----END PGP SIGNATURE-----

Changes:
 dovecot-antispam (2.0+20130912-2) unstable; urgency=medium
 .
   * Use the correct argc for pipe.ham_args
 .
     This fixes a typo bug, where if the number of arguments set for
     antispam_pipe_program_spam_arg is not the same as what was set for
     antispam_pipe_program_notspam_arg, then we'll either scribble past the
     end of the allocated argv array, or populate it with pointers to whatever
     followed the real ham_args.
 .
     Thanks to Peter Colberg who reported this, including a correct patch to
     fix it, to the security team.
 .
     The security implications of this seem somewhat limited, since you need
     to edit a config file as root to create the bad situation, and there is
     no path for remote injection of crafted data (whether it overflows or
     underflows); if you do, the argv array will just get some 'random' extra
     pointers to existing internal data.
 .
     However it does pose a potential problem for a legitimate user who does
     legitimately need or want to pass a different number of arguments for
     the spam and ham cases, since that could crash dovecot, or confuse the
     hell out of their pipe program when it gets some random extra arguments.
     It's probably gone unnoticed for this long because most uses will pass
     the same number of arguments for both of them, but that's not a
     necessary condition in the general case.
 .
  -- Ron Lee <[email protected]>  Sun, 22 Feb 2015 09:27:51 +1030
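The changelog describes an argv array that was allocated with the argument count of one setting but filled from the other. The C program below is an added example and not dovecot-antispam's own code: it shows the invariant the fix restores, namely that the allocation and the fill loop for the pipe program's argv are driven by a single count computed from the same setting, so spam and ham settings with different numbers of arguments each get an array of exactly the right size with the NULL terminator where execv() expects it. It assumes (this page does not say so) that several arguments in one setting are separated by ';'; the program path and argument strings are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not dovecot-antispam's own code.  Invariant demonstrated:
 * the argv array must be sized and filled from the SAME argument count.
 * Sizing from one setting's count and filling from another's arguments
 * either writes past the allocation or leaves slots holding stray pointers.
 * Assumption (not stated on this page): arguments are separated by ';'.
 */

/* Copy len bytes of s into a fresh NUL-terminated string (portable strndup). */
static char *dup_range(const char *s, size_t len)
{
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Free an argv built by make_pipe_argv(); relies on its NULL terminator. */
static void free_argv(char **argv)
{
    char **p;
    if (argv == NULL)
        return;
    for (p = argv; *p != NULL; p++)
        free(*p);
    free(argv);
}

/* Number of ';'-separated fields in spec; an empty or missing spec has none. */
static int count_fields(const char *spec)
{
    int n = 1;
    if (spec == NULL || *spec == '\0')
        return 0;
    for (; *spec != '\0'; spec++)
        if (*spec == ';')
            n++;
    return n;
}

/*
 * Build { program, arg_1, ..., arg_argc, NULL } for execv().  The allocation
 * (argc + 2 slots) and the fill loop both use the argc computed from *this*
 * spec, never a count taken from a different setting.  *argc_out receives it.
 */
static char **make_pipe_argv(const char *program, const char *spec, int *argc_out)
{
    int argc = count_fields(spec);
    char **argv = calloc((size_t)argc + 2, sizeof(*argv));
    const char *p = spec;
    int i;

    if (argv == NULL)
        return NULL;
    argv[0] = dup_range(program, strlen(program));
    if (argv[0] == NULL)
        goto fail;
    for (i = 0; i < argc; i++) {
        const char *sep = strchr(p, ';');
        size_t len = (sep != NULL) ? (size_t)(sep - p) : strlen(p);
        argv[i + 1] = dup_range(p, len);
        if (argv[i + 1] == NULL)
            goto fail;
        p = (sep != NULL) ? sep + 1 : p + len;
    }
    argv[argc + 1] = NULL;  /* calloc zeroed it already; explicit for execv() */
    *argc_out = argc;
    return argv;

fail:
    free_argv(argv);        /* calloc zeroing guarantees a terminator at the gap */
    return NULL;
}

/* Entries before the NULL terminator: what execv() would actually pass. */
static int argv_count(char *const *argv)
{
    int n = 0;
    while (argv[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    /* Constructed sample settings with different argument counts for spam and ham. */
    const char *prog = "/usr/bin/sa-learn";
    int spam_argc, ham_argc;
    char **spam = make_pipe_argv(prog, "--spam", &spam_argc);
    char **ham = make_pipe_argv(prog, "--ham;--no-sync", &ham_argc);

    if (spam == NULL || ham == NULL)
        return 1;
    printf("spam: %d args, %d argv entries\n", spam_argc, argv_count(spam));
    printf("ham:  %d args, %d argv entries\n", ham_argc, argv_count(ham));
    free_argv(spam);
    free_argv(ham);
    return 0;
}
```

The point of the design is that `argc` never exists as two independent variables: `count_fields()` derives it from the spec being processed, and that one value sizes the `calloc()` and bounds the loop, so a mismatch between the spam and ham settings cannot turn into an out-of-bounds write or a partially filled array.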