Debian Bug report logs -
#339526
spamassassin: CVE-2005-3351: Bus Error Spam Detection Bypass Vulnerability
Reported by: Geoff Crompton <geoff.crompton@strategicdata.com.au>
Date: Wed, 16 Nov 2005 22:48:02 UTC
Severity: grave
Tags: fixed-upstream, patch, sarge, security
Found in versions spamassassin/3.0.3-1, spamassassin/3.0.3-2
Fixed in version 3.1.0a-1
Done: Pierre HABOUZIT <madcoder@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Duncan Findlay <duncf@debian.org>:
Bug#339526; Package spamassassin.
(full text, mbox, link).
Acknowledgement sent to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
New Bug report received and forwarded. Copy sent to Duncan Findlay <duncf@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: spamassassin
Version: 3.0.3-1
Severity: grave
File: spamassassin
Security Focus is reporting a problem with spamassassin:
http://www.securityfocus.com/bid/15373
In short, there is a perl regexp that crashes if spamassassin tries to
pass an email with thousands of addressess in it.
They refer to the spamassassin bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570
In that bugzilla entry someone suggested this patch:
http://issues.apache.org/SpamAssassin/attachment.cgi?id=3121
And the end of the bugzilla report it says that the fix was committed with 331942.
--
Geoff Crompton
Tags added: security
Request was from Moritz Muehlenhoff <jmm@inutil.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as not found in version 3.1.0a-1.
Request was from Jonas Smedegaard <dr@jones.dk>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as not found in version 3.1.0a-2.
Request was from Jonas Smedegaard <dr@jones.dk>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: fixed-upstream, sarge
Request was from Jonas Smedegaard <dr@jones.dk>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as fixed in version 3.1.0a-1, send any further explanations to Geoff Crompton <geoff.crompton@strategicdata.com.au>
Request was from Jonas Smedegaard <dr@jones.dk>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Duncan Findlay <duncf@debian.org>:
Bug#339526; Package spamassassin.
(full text, mbox, link).
Acknowledgement sent to Jonas Smedegaard <dr@jones.dk>:
Extra info received and forwarded to list. Copy sent to Duncan Findlay <duncf@debian.org>.
(full text, mbox, link).
Message #20 received at 339526@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As subject says (but some BTS interfaces don't show subject so I
repeat here), this bug has been fixed in later releases packaged for
Etch and Sid.
So I have marked this bug as sarge, fixed-upstream and closed in
3.1.0a-1.
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDrOSln7DbMsAkQLgRAoKFAJ4hbh9/oUtKb6LU1fQb5nUh9+z0MgCfTrFb
wMSmkXJ+w15SkLGFCKFcURE=
=VcS7
-----END PGP SIGNATURE-----
Message sent on to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
Bug#339526.
(full text, mbox, link).
Bug reopened, originator not changed.
Request was from Duncan Findlay <duncf@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as found in version 3.0.3-2.
Request was from Duncan Findlay <duncf@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as not found in version 3.1.0a-1.
Request was from Duncan Findlay <duncf@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Duncan Findlay <duncf@debian.org>:
Bug#339526; Package spamassassin.
(full text, mbox, link).
Acknowledgement sent to Don Armstrong <don@debian.org>:
Extra info received and forwarded to list. Copy sent to Duncan Findlay <duncf@debian.org>.
(full text, mbox, link).
Message #34 received at 339526@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tag 339526 patch
thanks
spamassassin (3.0.3-2sarge0) stable-security; urgency=high
* Fix a potential bypass of spam detection when insanely large To:
headers are encountered. (CVE-2005-3351) (Closes: #339526)
-- Don Armstrong <don@debian.org> Tue, 3 Jan 2006 07:01:02 -0800
svn diff -r261908:279666 http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
has the exact diff from upstream; patch attached.
Don Armstrong
--
We were at a chinese resturant.
He was yelling at the waitress because there was a typo in his fortune
cookie.
-- hugh macleod http://www.gapingvoid.com/batch41.php
http://www.donarmstrong.com http://rzlab.ucr.edu
[security_339562.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Tags added: patch
Request was from Don Armstrong <don@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#339526; Package spamassassin.
(full text, mbox, link).
Acknowledgement sent to Duncan Findlay <duncf@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #41 received at 339526@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I sent a fixed package to the security team yesterday. As far as
"security" bugs go, the impact of this one is as minimal as
possible. Sure, it's a segfault, but we don't believe it's
exploitable, it can't really be used to launch a DoS. Spammers can use
it to force one message through, but not take down spamd, AFAIK.
--
Duncan Findlay
[signature.asc (application/pgp-signature, inline)]
Reply sent to Pierre HABOUZIT <madcoder@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #46 received at 339526-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 3.1.0a-1
this bug does not concern etch/sid. closing bug for those versions.
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 23:45:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:50:39 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon