CVE-2006-4434: sendmail 8.13.8 fixes remote DoS vulnerability

Related Vulnerabilities: CVE-2006-4434  

Debian Bug report logs - #385054

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Mon, 28 Aug 2006 18:48:07 UTC

Severity: serious

Tags: security

Found in version 8.13.7-2

Fixed in version sendmail/8.13.8-1

Done: Richard A Nelson (Rick) <cowboy@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#385054; Package sendmail.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Richard A Nelson (Rick) <cowboy@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sendmail 8.13.8 fixes remote DoS vulnerability
Date: Mon, 28 Aug 2006 20:38:26 +0200
Package: sendmail
Severity: grave
Tags: security
Justification: user security hole

According to [1], one of the problems fixed in 8.13.8 can be
used for a remote denial of service attack.

[1] http://secunia.com/advisories/21637/ 


AFAICS there is no CVE-id yet.



Severity set to `serious' from `grave'. Request was from Filipus Klutiero <ido@vif.ca> to control@bugs.debian.org.


Bug marked as found in version 8.13.7-2. Request was from Filipus Klutiero <ido@vif.ca> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#385054; Package sendmail.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #14 received at 385054@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: 385054@bugs.debian.org, control@bugs.debian.org
Subject: sendmail 8.13.8 fixes remote DoS vulnerability
Date: Tue, 29 Aug 2006 18:14:04 +0200
retitle 385054 CVE-2006-4434: sendmail 8.13.8 fixes remote DoS vulnerability
thanks

CVE-2006-4434 has been assigned to this issue.



Changed Bug title. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org.


Reply sent to Richard A Nelson (Rick) <cowboy@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #21 received at 385054-close@bugs.debian.org:

From: Richard A Nelson (Rick) <cowboy@debian.org>
To: 385054-close@bugs.debian.org
Subject: Bug#385054: fixed in sendmail 8.13.8-1
Date: Tue, 29 Aug 2006 14:47:51 -0700
Source: sendmail
Source-Version: 8.13.8-1

We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:

libmilter-dev_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter-dev_8.13.8-1_i386.deb
libmilter0-dbg_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter0-dbg_8.13.8-1_i386.deb
libmilter0_8.13.8-1_i386.deb
  to pool/main/s/sendmail/libmilter0_8.13.8-1_i386.deb
rmail_8.13.8-1_i386.deb
  to pool/main/s/sendmail/rmail_8.13.8-1_i386.deb
sendmail-base_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-base_8.13.8-1_all.deb
sendmail-bin_8.13.8-1_i386.deb
  to pool/main/s/sendmail/sendmail-bin_8.13.8-1_i386.deb
sendmail-cf_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-cf_8.13.8-1_all.deb
sendmail-doc_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail-doc_8.13.8-1_all.deb
sendmail_8.13.8-1.diff.gz
  to pool/main/s/sendmail/sendmail_8.13.8-1.diff.gz
sendmail_8.13.8-1.dsc
  to pool/main/s/sendmail/sendmail_8.13.8-1.dsc
sendmail_8.13.8-1_all.deb
  to pool/main/s/sendmail/sendmail_8.13.8-1_all.deb
sendmail_8.13.8.orig.tar.gz
  to pool/main/s/sendmail/sendmail_8.13.8.orig.tar.gz
sensible-mda_8.13.8-1_i386.deb
  to pool/main/s/sendmail/sensible-mda_8.13.8-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 385054@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Richard A Nelson (Rick) <cowboy@debian.org> (supplier of updated sendmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Tue, 29 Aug 2006 14:00:00 -0000
Source: sendmail
Binary: libmilter-dev rmail sendmail sendmail-doc libmilter0 sendmail-cf sensible-mda libmilter0-dbg sendmail-base sendmail-bin
Architecture: source all i386
Version: 8.13.8-1
Distribution: unstable
Urgency: high
Maintainer: Richard A Nelson (Rick) <cowboy@debian.org>
Changed-By: Richard A Nelson (Rick) <cowboy@debian.org>
Description: 
 libmilter-dev - Sendmail Mail Filter API (Milter)
 libmilter0 - Sendmail Mail Filter API (Milter)
 libmilter0-dbg - Sendmail Mail Filter API (Milter)
 rmail      - MTA->UUCP remote mail handler
 sendmail   - powerful, efficient, and scalable Mail Transport Agent
 sendmail-base - powerful, efficient, and scalable Mail Transport Agent
 sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
 sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
 sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
 sensible-mda - Mail Delivery Agent wrapper
Closes: 385054
Changes: 
 sendmail (8.13.8-1) unstable; urgency=high
 .
    * CVE-2006-4434: sendmail 8.13.8 fixes remote DoS vulnerability
      use-after-free vulnerability in Sendmail before 8.13.8
      closes: #385054
 .
    * I hadn't released this earlier because I had the 8.13.7 errata
      patches in 8.13.7-2, so it didn't look like a big deal.
Files: 
 4e3012239cfd66c96113e686a01fef14 1021 mail extra sendmail_8.13.8-1.dsc
 bcdd005ae02fdb0ecef2d6b21ac44e5d 1995868 mail extra sendmail_8.13.8.orig.tar.gz
 1e885ae4bfc1d0be42f47b9f2a66ebef 376575 mail extra sendmail_8.13.8-1.diff.gz
 d9c3ffc45b9aea466c33536b3bdba424 821158 doc extra sendmail-doc_8.13.8-1_all.deb
 eb704edbed172f070a6e0f54bdda6653 197676 mail extra sendmail_8.13.8-1_all.deb
 b9ad31d1455643e6394d987b14027116 345222 mail extra sendmail-base_8.13.8-1_all.deb
 9695d3f668df09f3a7275d404e44756e 283982 mail extra sendmail-cf_8.13.8-1_all.deb
 5d0d72203065c8ac2946ca32324f7c01 830758 mail extra sendmail-bin_8.13.8-1_i386.deb
 ac5bb0e603fb600dcac201fcb8852228 228190 mail extra rmail_8.13.8-1_i386.deb
 48ed416df51e08cbdcceeb955adf07d7 202888 mail extra sensible-mda_8.13.8-1_i386.deb
 c9100df2407532ad2d0787bd31f4e397 257670 libs extra libmilter0_8.13.8-1_i386.deb
 44db80f2a1d4b7671922c9417f975a3e 197266 libs extra libmilter0-dbg_8.13.8-1_i386.deb
 ae88d25a4d945627205fbf93d8220027 292910 libdevel extra libmilter-dev_8.13.8-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 22:22:25 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:09:19 2019; Machine Name: beach
