Debian
dovecot-antispam package

Name Status Last Modified Last Commit
lp:debian/dovecot-antispam 1 Development 2015-07-04 04:17:23 UTC
16. Use T_BEGIN/T_END since t_push() chan...

Author: Ron Lee
Revision Date: 2015-07-04 10:30:53 UTC

Use T_BEGIN/T_END since t_push() changed its signature and broke API
in dovecot 2.2.14, and this is the interface to it that things were
supposed to switch to some time back. Closes: #765943
lp:debian/stretch/dovecot-antispam 1 Development 2015-07-04 04:17:23 UTC
16. Use T_BEGIN/T_END since t_push() chan...

Author: Ron Lee
Revision Date: 2015-07-04 10:30:53 UTC

Use T_BEGIN/T_END since t_push() changed its signature and broke API
in dovecot 2.2.14, and this is the interface to it that things were
supposed to switch to some time back. Closes: #765943
lp:debian/jessie/dovecot-antispam 1 Development 2015-02-22 04:17:48 UTC
15. Use the correct argc for pipe.ham_arg...

Author: Ron Lee
Revision Date: 2015-02-22 09:27:51 UTC

Use the correct argc for pipe.ham_args

This fixes a typo bug, where if the number of arguments set for
antispam_pipe_program_spam_arg is not the same as what was set
for antispam_pipe_program_notspam_arg, then we'll either scribble
past the end of the allocated argv array, or populate it with
pointers to whatever followed the real ham_args.

Thanks to Peter Colberg who reported this, including a correct
patch to fix it, to the security team. The security implications
of this seem somewhat limited, since you need to edit a config
file as root to create the bad situation, and there is no path
for remote injection of crafted data (whether it overflows or
underflows) if you do, the argv array will just get some 'random'
extra pointers to existing internal data.

However it does pose a potential problem for a legitimate user
who does legitimately need or want to pass a different number of
arguments for the spam and ham cases, since that could crash
dovecot, or confuse the hell out of their pipe program when it
gets some random extra arguments. It's probably gone unnoticed
for this long because most uses will pass the same number of
arguments for both of them, but that's not a necessary condition
in the general case.
lp:debian/wheezy/dovecot-antispam 1 Development 2012-06-19 22:26:17 UTC
11. Apply patch from Johannes for dovecot...

Author: Ron Lee
Revision Date: 2012-06-20 01:55:54 UTC

Apply patch from Johannes for dovecot 2.1 Closes: #676007
lp:debian/squeeze/dovecot-antispam 1 Development 2009-07-25 04:45:14 UTC
4. * Adopt this one officially now with ...

Author: Ron Lee
Revision Date: 2009-07-25 04:45:14 UTC

* Adopt this one officially now with the maintainer's blessing. Thanks Jonny!
* Update the Vcs-* URLs to point at the repo this was prepared from.
15 of 5 results FirstPreviousNextLast