Debian Bug report logs - #695139
bogofilter-common: CVE-2012-5468

version graph

Package: bogofilter-common; Maintainer for bogofilter-common is Serafeim Zanikolas <sez@debian.org>; Source for bogofilter-common is src:bogofilter.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 4 Dec 2012 15:21:02 UTC

Severity: grave

Tags: security

Found in versions bogofilter/1.2.2-2, bogofilter/1.2.2+dfsg1-1

Fixed in versions bogofilter/1.2.2+dfsg1-2, bogofilter/1.2.2-2+squeeze1

Done: Serafeim Zanikolas <sez@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Serafeim Zanikolas <sez@debian.org>:
Bug#695139; Package bogofilter-common. (Tue, 04 Dec 2012 15:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Serafeim Zanikolas <sez@debian.org>. (Tue, 04 Dec 2012 15:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bogofilter-common: CVE-2012-5468
Date: Tue, 04 Dec 2012 16:16:05 +0100
Package: bogofilter-common
Severity: grave
Tags: security
Justification: user security hole

Please see http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
for details.

Patch:
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/iconvert.c?view=patch&r1=6973&r2=6972&pathrev=6973

Please upload an isolated fix to unstable and ask the release managers for
an unblock.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#695139; Package bogofilter-common. (Tue, 04 Dec 2012 15:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
Extra info received and forwarded to list. (Tue, 04 Dec 2012 15:27:03 GMT) Full text and rfc822 format available.

Message #10 received at 695139@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 695139@bugs.debian.org
Subject: Re: Bug#695139: bogofilter-common: CVE-2012-5468
Date: Tue, 4 Dec 2012 16:23:26 +0100
On Tue, Dec 04, 2012 at 04:16:05PM +0100, Moritz Muehlenhoff wrote:
> Package: bogofilter-common
> Severity: grave
> Tags: security
[..]
> Please upload an isolated fix to unstable and ask the release managers for
> an unblock.

I have it in mind for tonight, thanks.

-- 
Every great idea is worthless without someone to do the work. --Neil Williams



Reply sent to Serafeim Zanikolas <sez@debian.org>:
You have taken responsibility. (Tue, 04 Dec 2012 20:51:03 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 04 Dec 2012 20:51:03 GMT) Full text and rfc822 format available.

Message #15 received at 695139-close@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: 695139-close@bugs.debian.org
Subject: Bug#695139: fixed in bogofilter 1.2.2+dfsg1-2
Date: Tue, 04 Dec 2012 20:47:52 +0000
Source: bogofilter
Source-Version: 1.2.2+dfsg1-2

We believe that the bug you reported is fixed in the latest version of
bogofilter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695139@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Serafeim Zanikolas <sez@debian.org> (supplier of updated bogofilter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 04 Dec 2012 20:08:50 +0100
Source: bogofilter
Binary: bogofilter bogofilter-bdb bogofilter-sqlite bogofilter-tokyocabinet bogofilter-common
Architecture: source i386 all
Version: 1.2.2+dfsg1-2
Distribution: unstable
Urgency: high
Maintainer: Serafeim Zanikolas <sez@debian.org>
Changed-By: Serafeim Zanikolas <sez@debian.org>
Description: 
 bogofilter - fast Bayesian spam filter (dummy package)
 bogofilter-bdb - fast Bayesian spam filter (Berkeley DB)
 bogofilter-common - fast Bayesian spam filter (common files)
 bogofilter-sqlite - fast Bayesian spam filter (sqlite)
 bogofilter-tokyocabinet - fast Bayesian spam filter (tokyocabinet)
Closes: 695139
Changes: 
 bogofilter (1.2.2+dfsg1-2) unstable; urgency=high
 .
   * Cherry-pick fix and test for CVE-2012-5468 (aka bogofilter-SA-2012-01)
     from upstream release 1.2.3. Setting urgency to high. closes: #695139.
Checksums-Sha1: 
 a3465b99b8f0876bede4de556f3dce1eb90d2b18 2152 bogofilter_1.2.2+dfsg1-2.dsc
 0c368b915f6f16f8fcc33b3a7d53df94340919d1 18785 bogofilter_1.2.2+dfsg1-2.debian.tar.gz
 8f64f40b9fee49f7417b1e5ab81c216fac7d9548 966 bogofilter_1.2.2+dfsg1-2_i386.deb
 41d8b002ac12c81e2279cac96dfa452b157fe92d 266926 bogofilter-bdb_1.2.2+dfsg1-2_i386.deb
 ae06154fa83b53379029359d1195e94e029eba4c 226544 bogofilter-sqlite_1.2.2+dfsg1-2_i386.deb
 dcd1824598b700ac5386617401fd76c531dfe8a1 220360 bogofilter-tokyocabinet_1.2.2+dfsg1-2_i386.deb
 d0dc7cdb8b97d5b5a7955cc1619c9dc282246d76 193898 bogofilter-common_1.2.2+dfsg1-2_all.deb
Checksums-Sha256: 
 66ed4af78bb197dee6a97dfa8e88c609af4ddccdd8e9c7ea698bb632d79c352c 2152 bogofilter_1.2.2+dfsg1-2.dsc
 130b327ef04484dc9b72c60407267fd0f63e49e3c9e5445d74b41192b8511ae6 18785 bogofilter_1.2.2+dfsg1-2.debian.tar.gz
 e0c5fea32286aa8f15793a8737601b96df6f2a93581e288b5f5bcc311d0fb55e 966 bogofilter_1.2.2+dfsg1-2_i386.deb
 d0d99ba8c49ea2af247a97cf42908a80d98baedbceb6ac3e6bde1e8f581ce7bc 266926 bogofilter-bdb_1.2.2+dfsg1-2_i386.deb
 b95af3f6986278b0d06274b93746b17d9138a5db285c0cfcc119f95b0df396d7 226544 bogofilter-sqlite_1.2.2+dfsg1-2_i386.deb
 98c7a00a0daaf74631bcbd9cac5bc63db65b79efe4dc932154243b19b973acd0 220360 bogofilter-tokyocabinet_1.2.2+dfsg1-2_i386.deb
 c8a5f3107d4a91df1986ced74841a4f3e31bd19e3637285e98ea851b0e88756a 193898 bogofilter-common_1.2.2+dfsg1-2_all.deb
Files: 
 f545386e1fed233cad71740a5aca5080 2152 mail optional bogofilter_1.2.2+dfsg1-2.dsc
 f32862936d526c5fbe5109bd8cc8667d 18785 mail optional bogofilter_1.2.2+dfsg1-2.debian.tar.gz
 e7d48999f5819c66c16f6ce6fac36911 966 mail optional bogofilter_1.2.2+dfsg1-2_i386.deb
 ac354d27facc1fc26d6e43868f37cc5f 266926 mail optional bogofilter-bdb_1.2.2+dfsg1-2_i386.deb
 079b2b174fcbb1bea0adac84d7ea313f 226544 mail extra bogofilter-sqlite_1.2.2+dfsg1-2_i386.deb
 32f8f1853d63ee86bd0065d86866df04 220360 mail extra bogofilter-tokyocabinet_1.2.2+dfsg1-2_i386.deb
 675b61ab706ad4c868320edd01645400 193898 mail optional bogofilter-common_1.2.2+dfsg1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQvlngAAoJEE+fbVUO1hIq7jkQAJDxwV/EC4W0wNZMW82s4hUk
NdA5EUnOqqk7LoNcrfF8E1QqngqcaV/SJ7wYpUZ1dWIhxdTqwKDDtTtVaTLvNmIb
R9I465ny+94eMGVwugGhsBgmFVn+UoZrIxa1JME9c2cbAMD1wL4CQgXyDyLXx0Se
l2CVb2Olimwj+GVQSiwA51arWEiQpS67AbS1U+bPcRKkyuVf9nCs94S7FiBPJ87a
PK/1BDPEZFoBQwZHK1JdydYUAxFcRLw0OeAaRnyTUCivXUT80+Ks76Rlt0fEGrU9
ZE4K1TV3W0ikZivC8deTewkezxdHSNUXqJjcGmVgCoTBuL1T2GeFQUHE5DLp5nV6
T6cOgQYzkThJ1w4Q4rKkedwLfoWszqUSfnZIxrS/IuiYNlL6sVhHEeP7uxTRfNNm
eDLoO3iAg7c5tDWjL8pO0ZRtFDhzy7d6v3VPHUiVu+LgCghnb/Mo2Luf1c937H9k
4gg7ZPVfOPU4oG9chHXadOsCi0X6raqV/BbTNGkmUCM4761z8sVI6fVdtg/FOnpf
R7MUMIujQZdlnLebvaJH8L2KVZsLBeF6L8WgF1nKws/kIwJTtKkgWUkbThGde3df
BbFrTsOO1wyfY/ONqR/lZXq9w61Bu3uOE/eDYyTUmbuB4odbK/NQtwzRGqBqeHKv
W9cddumUS2qMP7PrtMzz
=Snge
-----END PGP SIGNATURE-----




Marked as found in versions bogofilter/1.2.2+dfsg1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Dec 2012 06:51:03 GMT) Full text and rfc822 format available.

Marked as found in versions bogofilter/1.2.2-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Dec 2012 06:51:04 GMT) Full text and rfc822 format available.

Reply sent to Serafeim Zanikolas <sez@debian.org>:
You have taken responsibility. (Thu, 13 Dec 2012 23:51:16 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 13 Dec 2012 23:51:17 GMT) Full text and rfc822 format available.

Message #24 received at 695139-close@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: 695139-close@bugs.debian.org
Subject: Bug#695139: fixed in bogofilter 1.2.2-2+squeeze1
Date: Thu, 13 Dec 2012 23:47:04 +0000
Source: bogofilter
Source-Version: 1.2.2-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
bogofilter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695139@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Serafeim Zanikolas <sez@debian.org> (supplier of updated bogofilter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 04 Dec 2012 20:08:50 +0100
Source: bogofilter
Binary: bogofilter bogofilter-bdb bogofilter-sqlite bogofilter-tokyocabinet bogofilter-common
Architecture: source i386 all
Version: 1.2.2-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Serafeim Zanikolas <sez@debian.org>
Changed-By: Serafeim Zanikolas <sez@debian.org>
Description: 
 bogofilter - a fast Bayesian spam filter (dummy package)
 bogofilter-bdb - a fast Bayesian spam filter (Berkeley DB)
 bogofilter-common - a fast Bayesian spam filter (common files)
 bogofilter-sqlite - a fast Bayesian spam filter (sqlite)
 bogofilter-tokyocabinet - a fast Bayesian spam filter (tokyocabinet)
Closes: 695139
Changes: 
 bogofilter (1.2.2-2+squeeze1) stable-security; urgency=high
 .
   * Cherry-pick fix and test for CVE-2012-5468 (aka bogofilter-SA-2012-01)
     from upstream release 1.2.3. Setting urgency to high. closes: #695139.
Checksums-Sha1: 
 06e589efec8016e06d6ee3d3fc167d15ece75274 1828 bogofilter_1.2.2-2+squeeze1.dsc
 936a452a7d2088c8cfdbeb811ff617525ecbc7d7 1053234 bogofilter_1.2.2.orig.tar.gz
 419ba2cada4f9e022d2543d94d083343fee62426 18666 bogofilter_1.2.2-2+squeeze1.debian.tar.gz
 da8b64f729ecd60c67edaa35c1cc20c987dc4770 968 bogofilter_1.2.2-2+squeeze1_i386.deb
 13c78e9f2b1755841a5442cc34b6a34ac00071c7 240968 bogofilter-bdb_1.2.2-2+squeeze1_i386.deb
 fb391b40af2f365e8a6276ad6be54f030c267685 205220 bogofilter-sqlite_1.2.2-2+squeeze1_i386.deb
 a9d5b99a5237f3e6f22fd419235ab0f446df62cf 200032 bogofilter-tokyocabinet_1.2.2-2+squeeze1_i386.deb
 a21b1dd20666baf37cf4b121df4c3f6cc7642735 195564 bogofilter-common_1.2.2-2+squeeze1_all.deb
Checksums-Sha256: 
 c27aa69aa39e1d2f4d9734708180cab6a0a3e6216d47bb9ba14b1c3623230d55 1828 bogofilter_1.2.2-2+squeeze1.dsc
 ddb3a7e66b7b2a58f4393979877c92171de4596d5a57b9123dc4496267246618 1053234 bogofilter_1.2.2.orig.tar.gz
 6bec70b786286be7147cfb474ef45ad5fdc142a365b4e722cd840c01e3ba6c85 18666 bogofilter_1.2.2-2+squeeze1.debian.tar.gz
 402d34c6c58db2b29274482ec02509d6ad3d47179e20ecb19a5873c3c35f5ef2 968 bogofilter_1.2.2-2+squeeze1_i386.deb
 c0f0797148d98b247c71d647da13261e6b7ee9a762ab73acbf302fb46864e9d6 240968 bogofilter-bdb_1.2.2-2+squeeze1_i386.deb
 bc71aaaad912fb6f3cf5850ce13d080b11ec3bbaa7c5820a4b5a3497444fac79 205220 bogofilter-sqlite_1.2.2-2+squeeze1_i386.deb
 0df0a966f5f0c9e3201aa295d77b8827103d5aa2c519b81f135063dac317b433 200032 bogofilter-tokyocabinet_1.2.2-2+squeeze1_i386.deb
 c2150cda6520b960e640d128bcf694eb316d0ffdd812b47d7cc6725a2581381d 195564 bogofilter-common_1.2.2-2+squeeze1_all.deb
Files: 
 74e05a0d9f8df1117322e404ff930a38 1828 mail optional bogofilter_1.2.2-2+squeeze1.dsc
 39d27c13eae8a5064d68e20d585e60de 1053234 mail optional bogofilter_1.2.2.orig.tar.gz
 9a99215a7f9938d3b84ded4afbf4d5c1 18666 mail optional bogofilter_1.2.2-2+squeeze1.debian.tar.gz
 9553bfb444ec5da99c7eb3e425e0b13b 968 mail optional bogofilter_1.2.2-2+squeeze1_i386.deb
 e54b8c4261e419986e9e79d7d78828ca 240968 mail optional bogofilter-bdb_1.2.2-2+squeeze1_i386.deb
 dd2ef7ee3adc1683c521e37d5b6be915 205220 mail extra bogofilter-sqlite_1.2.2-2+squeeze1_i386.deb
 ac2df02162f3bce1a3bb9fa10a345c4a 200032 mail extra bogofilter-tokyocabinet_1.2.2-2+squeeze1_i386.deb
 74a45f195418cabda3f843a78d414e7e 195564 mail optional bogofilter-common_1.2.2-2+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQv1VpAAoJEE+fbVUO1hIqoKcQAM4o9FBFCjyxaROPWrDjI1D7
HO11xmFp2EYDmzsfpC1IFyLXPYTT9mC+6qc8/YhqX+UVM63l831tJCG0pg9ZBUk3
n0iGmFGkAv500DRpCPPh9oFXk077p8Wj6I4UGVjVajL7Xe6sxarASn4ZvYm48AwC
WcHYj4UDqnlgpKWzs9UCyEjWqUNip0lhYBt487mEvDdMyohM84gdjn4u7FNvKli9
g+QHYd/4SizmRDQvpSTNegHZ2VwD9snEy7oOXaOiDAZrP19g+9sGdzCmBUx+96bJ
dZzHWbI7qwMX0/IssbHRSVXc/RD+OHZRzQznzomaOfPq+tcT+6gt1UOQmxSLTbV2
9W3lxolQGo/DThWYLyxzbVQb8GkAT1pove6xORne54YtV6p9HV0eyt4oLA7rpykN
Cp/L+5OVDrVsr9HhZD63XMsF116HPK0uR0XeEbm9l3tu0s7i8VOz0FIsb7L6cR0S
bHhRH+Go8OtMArmqxNIxOXIH5HSbVI0lw4APj9uZ1tFmhf6G8ojTFNUjSKawnhGG
R6SYu3IJallt8AhIC4v+wSaR4BRXFR1hzHGdLBqzq+UA8GDrBS9GOtyTV1KcSABn
/1R2seLfLhd4626o/q679G3pm58MAYETGidKJOINeYVniZJQVvKk+bFrGEftNb9p
CnUNhLNtPGh+LhV0Se6C
=2Un1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Feb 2013 07:27:16 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 10:57:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.