sendmail: malformed MIME message leads to potential denial of service (CVE-2006-1173)

Related Vulnerabilities: CVE-2006-1173  

Debian Bug report logs - #373801

Reported by: Joost van Baal <j.e.vanbaal+debian-bugs-20060615-3@uvt.nl>

Date: Thu, 15 Jun 2006 16:03:10 UTC

Severity: critical

Tags: security

Found in versions sendmail/8.13.6-1, sendmail/8.13.4-3sarge1

Fixed in version sendmail/8.13.7-1

Done: Filipus Klutiero <chealer@vif.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#373801; Package sendmail.


Acknowledgement sent to Joost van Baal <j.e.vanbaal+debian-bugs-20060615-3@uvt.nl>:
New Bug report received and forwarded. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Joost van Baal <j.e.vanbaal+debian-bugs-20060615-3@uvt.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sendmail: malformed MIME message leads to potential denial of service (CVE-2006-1173)
Date: Thu, 15 Jun 2006 17:43:29 +0200

Package: sendmail
Version: 8.13.6-1
Severity: critical
Tags: security


Hi,

CVE-2006-1173 / VU#146718 applies to sendmail < 8.13.7.  Upstream
released a fix in 8.13.7, as well as patches for 8.13.6 and 8.12.11.

Bye,

Joost


Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#373801; Package sendmail.


Acknowledgement sent to Richard A Nelson <cowboy@debian.org>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #10 received at submit@bugs.debian.org:

From: Richard A Nelson <cowboy@debian.org>
To: Joost van Baal <j.e.vanbaal+debian-bugs-20060615-3@uvt.nl>, 373801-done@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>, debian-bugs-dist@lists.debian.org
Subject: Re: Bug#373801: sendmail: malformed MIME message leads to potential denial of service (CVE-2006-1173)
Date: Thu, 15 Jun 2006 15:30:08 -0700 (PDT)

On Thu, 15 Jun 2006, Joost van Baal wrote:

> Package: sendmail
> Version: 8.13.6-1
> Severity: critical
> Tags: security
>
>
> Hi,

Hello

> CVE-2006-1173 / VU#146718 applies to sendmail < 8.13.7.  Upstream
> released a fix in 8.13.7, as well as patches for 8.13.6 and 8.12.11.

Yeah, I uploaded 8.13.7 yesterday before it had a CVE, and at the time,
I didn't find patches for the back level systems... thanks for the update.

I'll see if I can find someone in the security group...
-- 
Rick Nelson
<theoddone33> What's this message on my screen,
<theoddone33>   so blue, so blue, what could it mean?
<theoddone33> Could you, would you press Delete,
<theoddone33>   Ctrl and Alt and then repeat.



Bug marked as fixed in version 8.13.7-1, send any further explanations to Joost van Baal <j.e.vanbaal+debian-bugs-20060615-3@uvt.nl> Request was from Filipus Klutiero <chealer@vif.com> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#373801; Package sendmail.


Acknowledgement sent to "Sergey N. Voronkov" <serg@tmn.ru>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #18 received at 373801@bugs.debian.org:

From: "Sergey N. Voronkov" <serg@tmn.ru>
To: 373801@bugs.debian.org
Subject: 37381
Date: Thu, 22 Jun 2006 09:19:37 +0600

Please, reopen this bug. It isn't fixed in sarge.

Sergey N. Voronkov,
Sibitex Ltd.




Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#373801; Package sendmail.


Acknowledgement sent to Joaquin Urrutia <joaco@j0aco.com>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #23 received at 373801@bugs.debian.org:

From: Joaquin Urrutia <joaco@j0aco.com>
To: Debian Bug Tracking System <373801@bugs.debian.org>
Subject: sendmail on sarge
Date: Tue, 11 Jul 2006 19:48:35 +0200

Package: sendmail
Version: 8.13.4-3sarge1
Followup-For: Bug #373801

Please, reopen this bug. It isn't fixed in sarge.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)



Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#373801; Package sendmail.


Acknowledgement sent to Joaquin Urrutia <joaco@j0aco.com>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.


Message #28 received at 373801@bugs.debian.org:

From: Joaquin Urrutia <joaco@j0aco.com>
To: Debian Bug Tracking System <373801@bugs.debian.org>
Subject: patch for sendmail 8.13.4-3sarge1
Date: Wed, 12 Jul 2006 20:52:47 +0200

Package: sendmail
Version: 8.13.4-3sarge1
Followup-For: Bug #373801

This is a patch based on sendmail-8.13.1-VU#146718.patch from redhat


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.30-acens-sata
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
[CVE-2006-1173.patch (text/x-c, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 08:30:42 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:19:37 2019; Machine Name: beach
