exim4: CVE-2017-16944: handles BDAT data incorrectly and leads to crash

Related Vulnerabilities: CVE-2017-16944, CVE-2017-16943

Debian Bug report logs - #882671

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 25 Nov 2017 14:15:02 UTC

Severity: grave

Tags: security, upstream

Found in version exim4/4.89-1

Fixed in versions exim4/4.89-13, exim4/4.90~RC3-1, exim4/4.89-2+deb9u2

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.exim.org/show_bug.cgi?id=2201



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#882671; Package src:exim4. (Sat, 25 Nov 2017 14:15:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. (Sat, 25 Nov 2017 14:15:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4: handles BDAT data incorrectly and leads to crash
Date: Sat, 25 Nov 2017 15:14:14 +0100
Source: exim4
Version: 4.89-1
Severity: grave
Tags: security upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2201

Hi

Filing as well the second issue in the Debian BTS to have a Debian
BTS reference, related to
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
and #882648.

Upstream report: https://bugs.exim.org/show_bug.cgi?id=2201

Regards,
Salvatore



Changed Bug title to 'exim4: CVE-2017-16944: handles BDAT data incorrectly and leads to crash' from 'exim4: handles BDAT data incorrectly and leads to crash'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Nov 2017 18:21:06 GMT).


Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (Wed, 29 Nov 2017 19:06:08 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 29 Nov 2017 19:06:09 GMT).


Message #12 received at 882671-close@bugs.debian.org:

From: Andreas Metzler <ametzler@debian.org>
To: 882671-close@bugs.debian.org
Subject: Bug#882671: fixed in exim4 4.89-13
Date: Wed, 29 Nov 2017 19:03:57 +0000
Source: exim4
Source-Version: 4.89-13

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882671@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 19:30:37 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source
Version: 4.89-13
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 882671
Description: 
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev  - header files for the Exim MTA (v4) packages
 exim4      - metapackage to ease Exim MTA (v4) installation
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.89-13) unstable; urgency=high
 .
   * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
     from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (Fri, 01 Dec 2017 18:36:06 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 01 Dec 2017 18:36:06 GMT).


Message #17 received at 882671-close@bugs.debian.org:

From: Andreas Metzler <ametzler@debian.org>
To: 882671-close@bugs.debian.org
Subject: Bug#882671: fixed in exim4 4.90~RC3-1
Date: Fri, 01 Dec 2017 18:33:50 +0000
Source: exim4
Source-Version: 4.90~RC3-1

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882671@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Dec 2017 19:14:08 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source
Version: 4.90~RC3-1
Distribution: experimental
Urgency: medium
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 882648 882671
Description: 
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev  - header files for the Exim MTA (v4) packages
 exim4      - metapackage to ease Exim MTA (v4) installation
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.90~RC3-1) experimental; urgency=medium
 .
   * New upstream version.
     + Fix a use-after-free while reading smtp input for header lines.
       A crafted sequence of BDAT commands could result in in-use memory
       being freed.  CVE-2017-16943. Closes: #882648
     + Fix checking for leading-dot on a line during headers reading
       from SMTP input.  Previously it was always done; now only done for
       DATA and not BDAT commands.  CVE-2017-16944 Closes: #882671
   * Drop 78_Disable-chunking-BDAT-by-default.patch again.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 02 Dec 2017 19:33:26 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 02 Dec 2017 19:33:26 GMT).


Message #22 received at 882671-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 882671-close@bugs.debian.org
Subject: Bug#882671: fixed in exim4 4.89-2+deb9u2
Date: Sat, 02 Dec 2017 19:32:22 +0000
Source: exim4
Source-Version: 4.89-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882671@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Nov 2017 22:58:00 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source
Version: 4.89-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 882648 882671
Description: 
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg  - debugging symbols for the Exim MTA (utilities)
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.89-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Avoid release of store if there have been later allocations
     (CVE-2017-16943) (Closes: #882648)
   * Chunking: do not treat the first lonely dot special (CVE-2017-16944)
     (Closes: #882671)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Dec 2017 07:32:16 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:06:22 2019; Machine Name: beach
