Debian Bug report logs -
#564581
CVE-2009-4565: does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Sun, 10 Jan 2010 13:18:01 UTC
Severity: grave
Tags: security
Found in versions sendmail/8.14.3-9, sendmail/8.13.8-3, sendmail/8.14.3-5
Fixed in versions sendmail/8.14.3-9.1, sendmail/8.14.3-5+lenny1, sendmail/8.13.8-3+etch4
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#564581; Package sendmail.
(Sun, 10 Jan 2010 13:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>.
(Sun, 10 Jan 2010 13:18:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: sendmail
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sendmail.
CVE-2009-4565[0]:
| sendmail before 8.14.4 does not properly handle a '\0' character in a
| Common Name (CN) field of an X.509 certificate, which (1) allows
| man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers
| via a crafted server certificate issued by a legitimate Certification
| Authority, and (2) allows remote attackers to bypass intended access
| restrictions via a crafted client certificate issued by a legitimate
| Certification Authority, a related issue to CVE-2009-2408.
Please coordinate with the security team (team@security.debian.org) to
prepare packages for the stable and oldstable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565
http://security-tracker.debian.org/tracker/CVE-2009-4565
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktJ0v8ACgkQNxpp46476arSPQCggai2b9hxDmyUNjQC57+13y9H
TcgAoIsxCtp300SC4dBed2rvBNziY1sy
=Ob7s
-----END PGP SIGNATURE-----
Bug Marked as found in versions sendmail/8.13.8-3.
Request was from Holger Levsen <holger@layer-acht.org>
to control@bugs.debian.org.
(Mon, 11 Jan 2010 11:21:09 GMT) (full text, mbox, link).
Bug Marked as found in versions sendmail/8.14.3-5.
Request was from Holger Levsen <holger@layer-acht.org>
to control@bugs.debian.org.
(Mon, 11 Jan 2010 11:21:10 GMT) (full text, mbox, link).
Bug Marked as found in versions sendmail/8.14.3-9.
Request was from Holger Levsen <holger@layer-acht.org>
to control@bugs.debian.org.
(Mon, 11 Jan 2010 11:21:11 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#564581; Package sendmail.
(Fri, 29 Jan 2010 13:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.
(Fri, 29 Jan 2010 13:30:03 GMT) (full text, mbox, link).
Message #16 received at 564581@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Attached is a debdiff of the changes I made for 8.14.3-9.1 0-day NMU.
Cheers,
Giuseppe
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#564581; Package sendmail.
(Fri, 29 Jan 2010 13:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>.
(Fri, 29 Jan 2010 13:36:03 GMT) (full text, mbox, link).
Message #21 received at 564581@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Attached is a debdiff of the changes I made for 8.14.3-9.1 0-day NMU.
Cheers,
Giuseppe
[sendmail_8.14.3-9.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Fri, 29 Jan 2010 13:51:11 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Fri, 29 Jan 2010 13:51:11 GMT) (full text, mbox, link).
Message #26 received at 564581-close@bugs.debian.org (full text, mbox, reply):
Source: sendmail
Source-Version: 8.14.3-9.1
We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:
libmilter-dev_8.14.3-9.1_i386.deb
to main/s/sendmail/libmilter-dev_8.14.3-9.1_i386.deb
libmilter1.0.1-dbg_8.14.3-9.1_i386.deb
to main/s/sendmail/libmilter1.0.1-dbg_8.14.3-9.1_i386.deb
libmilter1.0.1_8.14.3-9.1_i386.deb
to main/s/sendmail/libmilter1.0.1_8.14.3-9.1_i386.deb
rmail_8.14.3-9.1_i386.deb
to main/s/sendmail/rmail_8.14.3-9.1_i386.deb
sendmail-base_8.14.3-9.1_all.deb
to main/s/sendmail/sendmail-base_8.14.3-9.1_all.deb
sendmail-bin_8.14.3-9.1_i386.deb
to main/s/sendmail/sendmail-bin_8.14.3-9.1_i386.deb
sendmail-cf_8.14.3-9.1_all.deb
to main/s/sendmail/sendmail-cf_8.14.3-9.1_all.deb
sendmail-doc_8.14.3-9.1_all.deb
to main/s/sendmail/sendmail-doc_8.14.3-9.1_all.deb
sendmail_8.14.3-9.1.diff.gz
to main/s/sendmail/sendmail_8.14.3-9.1.diff.gz
sendmail_8.14.3-9.1.dsc
to main/s/sendmail/sendmail_8.14.3-9.1.dsc
sendmail_8.14.3-9.1_all.deb
to main/s/sendmail/sendmail_8.14.3-9.1_all.deb
sensible-mda_8.14.3-9.1_i386.deb
to main/s/sendmail/sensible-mda_8.14.3-9.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 564581@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated sendmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Jan 2010 14:16:07 +0100
Source: sendmail
Binary: sendmail-bin rmail sensible-mda libmilter1.0.1 libmilter1.0.1-dbg libmilter-dev sendmail-doc sendmail sendmail-base sendmail-cf
Architecture: source all i386
Version: 8.14.3-9.1
Distribution: unstable
Urgency: high
Maintainer: Richard A Nelson (Rick) <cowboy@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libmilter-dev - Sendmail Mail Filter API (Milter)
libmilter1.0.1 - Sendmail Mail Filter API (Milter)
libmilter1.0.1-dbg - Sendmail Mail Filter API (Milter)
rmail - MTA->UUCP remote mail handler
sendmail - powerful, efficient, and scalable Mail Transport Agent
sendmail-base - powerful, efficient, and scalable Mail Transport Agent
sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
sensible-mda - Mail Delivery Agent wrapper
Closes: 564581
Changes:
sendmail (8.14.3-9.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
name (Closes: #564581)
Checksums-Sha1:
d44676a5a7c561d6f8c45e64affa7b607c986517 1491 sendmail_8.14.3-9.1.dsc
aec5e725c856e1dc0056d59756b23bd893d862b4 470567 sendmail_8.14.3-9.1.diff.gz
2d3541e0a39190cd07c3d0583120948f601bdf99 834020 sendmail-doc_8.14.3-9.1_all.deb
e7d4d6638e375bb3634fcab7eb9e09c5ba72a422 206780 sendmail_8.14.3-9.1_all.deb
f637ef289c81d22854de9c0641fcdb18799c2722 359116 sendmail-base_8.14.3-9.1_all.deb
de36515cc94c5047dcd22879135c2f5cbbba7748 295718 sendmail-cf_8.14.3-9.1_all.deb
cbfb02fa1914cba963f2b56af2f595d3521692cb 928230 sendmail-bin_8.14.3-9.1_i386.deb
7a7dc682dae60ca490b90ac9176e327d7d5e7f72 243756 rmail_8.14.3-9.1_i386.deb
1bc9750b403b00a217fd6c484b914727c665ff10 214914 sensible-mda_8.14.3-9.1_i386.deb
ce1e3ad64eb5b7477d8aef3d4ddcea6eb115e794 236018 libmilter1.0.1_8.14.3-9.1_i386.deb
3cd016cc8f32bcf6a1b63acc6d5331ec11f0b247 253254 libmilter1.0.1-dbg_8.14.3-9.1_i386.deb
29087b4012a7c4df38c63e15ceaa862b933649be 319152 libmilter-dev_8.14.3-9.1_i386.deb
Checksums-Sha256:
f838ede91cc09ea58b92756964b9eae302be4d869bc94ee916f7beb506bc8685 1491 sendmail_8.14.3-9.1.dsc
fc2cce31b481175d458e461d189a51227b4f39c0b1830f8959fbda30114ec5cc 470567 sendmail_8.14.3-9.1.diff.gz
e9c104c19db05642fe7e41882b882b2b8bc218e43badf2e813dbf0ffa48ba45b 834020 sendmail-doc_8.14.3-9.1_all.deb
2b1f866d2d37b49239bccfbdd12b57f7be0203a75ba6642a6642faa0a0035b51 206780 sendmail_8.14.3-9.1_all.deb
8e9ac2fc81616d68030482c917d7f2b78fb8daa763be1cec274b7a23af3b2c90 359116 sendmail-base_8.14.3-9.1_all.deb
f4b3b04f69622e7346386c063288e13d4c6b3db3ed1dd065e445978cf8c04390 295718 sendmail-cf_8.14.3-9.1_all.deb
7c9785d98b7f05534e736fa56f9286ef533102b0c83e741589edebd125e787e5 928230 sendmail-bin_8.14.3-9.1_i386.deb
b62036aa259285a462817365b3a0c3cda37bea856f469ce033f6d4c392f536d9 243756 rmail_8.14.3-9.1_i386.deb
407a8c70059a632981c9d6d0cf949310262b9dc8287ff3ee6f4afe5d6a51081b 214914 sensible-mda_8.14.3-9.1_i386.deb
1dcb654ea320ff513194867b7a466c63293d57afdcbe8c44bed1d4b883e31405 236018 libmilter1.0.1_8.14.3-9.1_i386.deb
cde83067d9f6f326bc4432d7d2f17cd491e455c6f73f17cfefb02e1d9209886b 253254 libmilter1.0.1-dbg_8.14.3-9.1_i386.deb
f0e4f9b754c8fb21e785a0dab623867c646059fcd4b581b14d673d9f84792a24 319152 libmilter-dev_8.14.3-9.1_i386.deb
Files:
152f8d906528afa27654ced49ec3fef1 1491 mail extra sendmail_8.14.3-9.1.dsc
4ac32b7b84963e9ce376df496f3ecf3c 470567 mail extra sendmail_8.14.3-9.1.diff.gz
de42f34e0e0558fe8219dee5373fa8c0 834020 doc extra sendmail-doc_8.14.3-9.1_all.deb
ee8b98d9e459a56e740123a2fcb45737 206780 mail extra sendmail_8.14.3-9.1_all.deb
90d7ded128227fd847bbff43d1419a6d 359116 mail extra sendmail-base_8.14.3-9.1_all.deb
474cfe95387b6a79fadae50e50ffe65c 295718 mail extra sendmail-cf_8.14.3-9.1_all.deb
121d8080b9205cc5ed4dcf612b97f2a7 928230 mail extra sendmail-bin_8.14.3-9.1_i386.deb
2fc1b40c43d0100889c91ec2caf201c3 243756 mail extra rmail_8.14.3-9.1_i386.deb
223b2a571c373fe8e618462e8d9caf4d 214914 mail extra sensible-mda_8.14.3-9.1_i386.deb
2023bcaab629adefcdad1cb5993e6029 236018 libs extra libmilter1.0.1_8.14.3-9.1_i386.deb
d441835273160200070b0d29a50e37b3 253254 libs extra libmilter1.0.1-dbg_8.14.3-9.1_i386.deb
125df087a17596ee8c905a0240157f5f 319152 libdevel extra libmilter-dev_8.14.3-9.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkti4oYACgkQNxpp46476apRnwCfSsR+9cqyEHZJotKH995ya/MJ
loQAnRzGpU0gNX8jA/RBvjaIkU0emSL2
=LYJ7
-----END PGP SIGNATURE-----
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Sun, 31 Jan 2010 20:00:15 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Sun, 31 Jan 2010 20:00:15 GMT) (full text, mbox, link).
Message #31 received at 564581-close@bugs.debian.org (full text, mbox, reply):
Source: sendmail
Source-Version: 8.14.3-5+lenny1
We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:
libmilter-dev_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_i386.deb
libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
libmilter1.0.1_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_i386.deb
rmail_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/rmail_8.14.3-5+lenny1_i386.deb
sendmail-base_8.14.3-5+lenny1_all.deb
to main/s/sendmail/sendmail-base_8.14.3-5+lenny1_all.deb
sendmail-bin_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_i386.deb
sendmail-cf_8.14.3-5+lenny1_all.deb
to main/s/sendmail/sendmail-cf_8.14.3-5+lenny1_all.deb
sendmail-doc_8.14.3-5+lenny1_all.deb
to main/s/sendmail/sendmail-doc_8.14.3-5+lenny1_all.deb
sendmail_8.14.3-5+lenny1.diff.gz
to main/s/sendmail/sendmail_8.14.3-5+lenny1.diff.gz
sendmail_8.14.3-5+lenny1.dsc
to main/s/sendmail/sendmail_8.14.3-5+lenny1.dsc
sendmail_8.14.3-5+lenny1_all.deb
to main/s/sendmail/sendmail_8.14.3-5+lenny1_all.deb
sensible-mda_8.14.3-5+lenny1_i386.deb
to main/s/sendmail/sensible-mda_8.14.3-5+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 564581@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated sendmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Jan 2010 14:52:12 +0100
Source: sendmail
Binary: sendmail-bin rmail sensible-mda libmilter1.0.1 libmilter1.0.1-dbg libmilter-dev sendmail-doc sendmail sendmail-base sendmail-cf
Architecture: source all i386
Version: 8.14.3-5+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Richard A Nelson (Rick) <cowboy@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libmilter-dev - Sendmail Mail Filter API (Milter)
libmilter1.0.1 - Sendmail Mail Filter API (Milter)
libmilter1.0.1-dbg - Sendmail Mail Filter API (Milter)
rmail - MTA->UUCP remote mail handler
sendmail - powerful, efficient, and scalable Mail Transport Agent
sendmail-base - powerful, efficient, and scalable Mail Transport Agent
sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
sensible-mda - Mail Delivery Agent wrapper
Closes: 564581
Changes:
sendmail (8.14.3-5+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
name (Closes: #564581)
Checksums-Sha1:
37d78e26be850e8be6c60804b0ad207edaf92a64 1504 sendmail_8.14.3-5+lenny1.dsc
89baf7d1512ee9e8d60d69f19501c23b46711f98 2060171 sendmail_8.14.3.orig.tar.gz
71fe99cbc21385348afaf46ab62ceb7eb3e34062 362573 sendmail_8.14.3-5+lenny1.diff.gz
1309f96608d6bcbf014f9c928e032a94b2be19d4 833618 sendmail-doc_8.14.3-5+lenny1_all.deb
d0e61b0c5a0162429d5d37a011d5c6aa1cf396c3 206546 sendmail_8.14.3-5+lenny1_all.deb
2e2cab94f727e81fef7d7f53334f6a7dbbdfbec4 358922 sendmail-base_8.14.3-5+lenny1_all.deb
1f3ca25b9f2a289b7ce9a73fb8193422beb7e4d1 295472 sendmail-cf_8.14.3-5+lenny1_all.deb
402c91361df6d8b3e227b81a0d9d236e78437eac 927790 sendmail-bin_8.14.3-5+lenny1_i386.deb
a1f7eb266a7fe4038790590d8c15657b4bea4f4e 243262 rmail_8.14.3-5+lenny1_i386.deb
01e1eead19a35b35fd41b27ecb7a9bfd59e5aae3 214498 sensible-mda_8.14.3-5+lenny1_i386.deb
4ca15d2812826667ceb7314ea960c40889cf053e 235632 libmilter1.0.1_8.14.3-5+lenny1_i386.deb
e5dbe96ed12398b49b4b04ab47a3561a830790aa 253198 libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
0830c2675e2bb569dedd1035b9d45d1c4ac396d4 318478 libmilter-dev_8.14.3-5+lenny1_i386.deb
Checksums-Sha256:
87a50d10ebe1b991f7b9df348612b9b18a0755c40ea3ee01a3f7389db77b60e9 1504 sendmail_8.14.3-5+lenny1.dsc
c3f4110a647186e74243c9ca390b11d323aecaa21b8cde642e3c965c31db80c5 2060171 sendmail_8.14.3.orig.tar.gz
d6cf8a1d1fb3149f52b5778d547e4c5c5d78c4d0529e157da5a95d94d3b9b460 362573 sendmail_8.14.3-5+lenny1.diff.gz
543cfe09ebe72cea64190a7900f53219805d8dc4f7d6c06234475e1e6527ecc7 833618 sendmail-doc_8.14.3-5+lenny1_all.deb
fd7cda3ebf7380ff35f6b5d89c32afe425439d480880f79439fda298cfcaded3 206546 sendmail_8.14.3-5+lenny1_all.deb
f7a748a12a0d49fe3fc644797e61670e70656fcab520f002d2ea397c8e53531a 358922 sendmail-base_8.14.3-5+lenny1_all.deb
25505dedcb89fd6addab87c7529abcfe82a8b557f374b1dd549a91f14d65cb38 295472 sendmail-cf_8.14.3-5+lenny1_all.deb
dee26aa66a4f9d053697208d918d1ee2c3f51488a8ae2a835ed2cf55bdf3fd4d 927790 sendmail-bin_8.14.3-5+lenny1_i386.deb
867992920d6387598c56b43c5d2fda75accb9e06c96e70a6ca2e39a5fcb26b9e 243262 rmail_8.14.3-5+lenny1_i386.deb
5d706cc3d6b0a7061bbb0219e20c31ce343d97080c69c6d85c6bdd17c6a7a80a 214498 sensible-mda_8.14.3-5+lenny1_i386.deb
ec4f7793bb40a8bf8ee9c050af96838c137dd68bd5b38f0f68e5c090c68ef01c 235632 libmilter1.0.1_8.14.3-5+lenny1_i386.deb
351e436ad85040e22c0d1b288b436533891bc460e75ee22373f6341b1566bee6 253198 libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
d809441ab5fbee971e04fbb7d92dfd1ebc8a90c609663741d94ca741f1fd366d 318478 libmilter-dev_8.14.3-5+lenny1_i386.deb
Files:
39619f499cdbace73edd78894b931e43 1504 mail extra sendmail_8.14.3-5+lenny1.dsc
3476e9655ba95842bee96753c992b99b 2060171 mail extra sendmail_8.14.3.orig.tar.gz
483a8842d3d1f16362dc88f46316ae06 362573 mail extra sendmail_8.14.3-5+lenny1.diff.gz
1e86303b48590dfbc200e4ccfc9a1dc9 833618 doc extra sendmail-doc_8.14.3-5+lenny1_all.deb
d40fde3590704b097ca683e70ec3227f 206546 mail extra sendmail_8.14.3-5+lenny1_all.deb
b444f7633b213d8cbbb68d6f88bb116c 358922 mail extra sendmail-base_8.14.3-5+lenny1_all.deb
a881efa0de975702900734bceab7ffb6 295472 mail extra sendmail-cf_8.14.3-5+lenny1_all.deb
e673ebdb9bb42f7af22eabd26cd47314 927790 mail extra sendmail-bin_8.14.3-5+lenny1_i386.deb
39e5329ec1fc4e0daabbf06c6934c038 243262 mail extra rmail_8.14.3-5+lenny1_i386.deb
35567466e98b5cd66540915448e11cf3 214498 mail extra sensible-mda_8.14.3-5+lenny1_i386.deb
f7facff44a046aca0fda6b71634af2c1 235632 libs extra libmilter1.0.1_8.14.3-5+lenny1_i386.deb
62916ef56fb537fe01a74549dccce69f 253198 libs extra libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
4d8db5fbb1babd56b13773d657aeecdb 318478 libdevel extra libmilter-dev_8.14.3-5+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkti608ACgkQNxpp46476aoVawCaAjusCeDYhbTGt38YaVpiZJLW
/okAnRFI02X2dkUkCs5euV7IVCU9D3Rj
=vjML
-----END PGP SIGNATURE-----
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Thu, 18 Feb 2010 08:06:07 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Thu, 18 Feb 2010 08:06:07 GMT) (full text, mbox, link).
Message #36 received at 564581-close@bugs.debian.org (full text, mbox, reply):
Source: sendmail
Source-Version: 8.13.8-3+etch4
We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:
libmilter-dev_8.13.8-3+etch4_i386.deb
to main/s/sendmail/libmilter-dev_8.13.8-3+etch4_i386.deb
libmilter0-dbg_8.13.8-3+etch4_i386.deb
to main/s/sendmail/libmilter0-dbg_8.13.8-3+etch4_i386.deb
libmilter0_8.13.8-3+etch4_i386.deb
to main/s/sendmail/libmilter0_8.13.8-3+etch4_i386.deb
rmail_8.13.8-3+etch4_i386.deb
to main/s/sendmail/rmail_8.13.8-3+etch4_i386.deb
sendmail-base_8.13.8-3+etch4_all.deb
to main/s/sendmail/sendmail-base_8.13.8-3+etch4_all.deb
sendmail-bin_8.13.8-3+etch4_i386.deb
to main/s/sendmail/sendmail-bin_8.13.8-3+etch4_i386.deb
sendmail-cf_8.13.8-3+etch4_all.deb
to main/s/sendmail/sendmail-cf_8.13.8-3+etch4_all.deb
sendmail-doc_8.13.8-3+etch4_all.deb
to main/s/sendmail/sendmail-doc_8.13.8-3+etch4_all.deb
sendmail_8.13.8-3+etch4.diff.gz
to main/s/sendmail/sendmail_8.13.8-3+etch4.diff.gz
sendmail_8.13.8-3+etch4.dsc
to main/s/sendmail/sendmail_8.13.8-3+etch4.dsc
sendmail_8.13.8-3+etch4_all.deb
to main/s/sendmail/sendmail_8.13.8-3+etch4_all.deb
sensible-mda_8.13.8-3+etch4_i386.deb
to main/s/sendmail/sensible-mda_8.13.8-3+etch4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 564581@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated sendmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 30 Jan 2010 18:10:23 +0100
Source: sendmail
Binary: libmilter-dev rmail sendmail sendmail-doc libmilter0 sendmail-cf sensible-mda libmilter0-dbg sendmail-base sendmail-bin
Architecture: source all i386
Version: 8.13.8-3+etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Richard A Nelson (Rick) <cowboy@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libmilter-dev - Sendmail Mail Filter API (Milter)
libmilter0 - Sendmail Mail Filter API (Milter)
libmilter0-dbg - Sendmail Mail Filter API (Milter)
rmail - MTA->UUCP remote mail handler
sendmail - powerful, efficient, and scalable Mail Transport Agent
sendmail-base - powerful, efficient, and scalable Mail Transport Agent
sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
sensible-mda - Mail Delivery Agent wrapper
Closes: 564581
Changes:
sendmail (8.13.8-3+etch4) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
name (Closes: #564581)
Files:
5252fa5d6c477d90f9474f999035f959 949 mail extra sendmail_8.13.8-3+etch4.dsc
bcdd005ae02fdb0ecef2d6b21ac44e5d 1995868 mail extra sendmail_8.13.8.orig.tar.gz
db03c2498a360f4da02be0e44facca57 369120 mail extra sendmail_8.13.8-3+etch4.diff.gz
466aaa8a9cf452943549a3403f869df9 698342 doc extra sendmail-doc_8.13.8-3+etch4_all.deb
2557652c4c66c3db1f1467272b1c0dfc 196848 mail extra sendmail_8.13.8-3+etch4_all.deb
8636e42323c07d63fd145cd5329d09b1 345118 mail extra sendmail-base_8.13.8-3+etch4_all.deb
65ef6467d6c85ef90f8e1bb9a0ce3eef 284068 mail extra sendmail-cf_8.13.8-3+etch4_all.deb
d0e8b06dbfe54a312dce8c49c35fccbb 830184 mail extra sendmail-bin_8.13.8-3+etch4_i386.deb
8f497b7372c3d0138326869aac7f6092 227812 mail extra rmail_8.13.8-3+etch4_i386.deb
3cb4995e95000339fa091cdff80a8571 202390 mail extra sensible-mda_8.13.8-3+etch4_i386.deb
405f1653150b3779525faaedf5e483c3 258810 libs extra libmilter0_8.13.8-3+etch4_i386.deb
25962ad5d0475e05ef61daf754c43492 196358 libs extra libmilter0-dbg_8.13.8-3+etch4_i386.deb
b2304bc7e4180865d044c98e021c055f 292662 libdevel extra libmilter-dev_8.13.8-3+etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktkai8ACgkQNxpp46476arFdQCeKMKeVpZqOktTu8aOQgl1pWyW
GOMAoJEaFdbyMMruXWDz9XTI6nWF7vMs
=7opB
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 27 Jun 2010 07:41:56 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:40:48 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon