Changelog

dovecot-antispam (2.0+20150222-1~ubuntu14.04.1) trusty; urgency=medium

  * No-change backport to trusty

dovecot-antispam (2.0+20150222-1) unstable; urgency=medium

  * Use T_BEGIN/T_END since t_push() changed its signature and broke API
    in dovecot 2.2.14, and this is the interface to it that things were
    supposed to switch to some time back.  Closes: #765943

dovecot-antispam (2.0+20130912-2) unstable; urgency=medium

  * Use the correct argc for pipe.ham_args

    This fixes a typo bug, where if the number of arguments set for
    antispam_pipe_program_spam_arg is not the same as what was set
    for antispam_pipe_program_notspam_arg, then we'll either scribble
    past the end of the allocated argv array, or populate it with
    pointers to whatever followed the real ham_args.

    Thanks to Peter Colberg who reported this, including a correct
    patch to fix it, to the security team.  The security implications
    of this seem somewhat limited, since you need to edit a config
    file as root to create the bad situation, and there is no path
    for remote injection of crafted data (whether it overflows or
    underflows) if you do, the argv array will just get some 'random'
    extra pointers to existing internal data.

    However it does pose a potential problem for a legitimate user
    who does legitimately need or want to pass a different number of
    arguments for the spam and ham cases, since that could crash
    dovecot, or confuse the hell out of their pipe program when it
    gets some random extra arguments.  It's probably gone unnoticed
    for this long because most uses will pass the same number of
    arguments for both of them, but that's not a necessary condition
    in the general case.

dovecot-antispam (2.0+20130912-1) unstable; urgency=medium

  * Merge upstreamed patches from the upstream branch,
    no new changes to the Debian package from this.
  * Depend on dovecot ABI rather than a specific Dovecot package version.
    Many thanks to Jelmer Vernooij for both adding support for that to the
    dovecot package and providing a patch for this one to use it.  Now we
    just need dovecot upstream to start bumping ABI less often than version :)
    Closes: #755432

 -- Andi Sherratt <email address hidden>  Wed, 18 Nov 2015 15:40:49 +0000
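
The 2.0+20130912-2 entry above describes a loop bound taken from one argument list while the pointers come from another. The following C code is an added example, not the plugin's source: the struct, function names and sample arguments are hypothetical, and it shows one way to make that mismatch impossible by storing each count with its own list.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: each argument list carries its own count. */
struct arg_list { const char **args; size_t num; };
struct pipe_cfg { const char *program; struct arg_list spam, ham; };
enum msg_class { CLASS_SPAM, CLASS_HAM };

/* Constructed sample: the two classes deliberately differ in length. */
static const char *spam_args[] = { "--spam" };
static const char *ham_args[]  = { "--ham", "--user", "alice" };
static const struct pipe_cfg sample = {
    "/usr/bin/filter", { spam_args, 1 }, { ham_args, 3 }
};

/* One selection point: pointer and count are picked together, so a
 * loop can never walk ham args with the spam count or vice versa. */
static const struct arg_list *args_for(const struct pipe_cfg *cfg,
                                       enum msg_class c)
{
    return c == CLASS_SPAM ? &cfg->spam : &cfg->ham;
}

/* Build a NULL-terminated argv: program name, then the class's args.
 * Allocation size and copy bound both derive from the same l->num. */
const char **build_argv(const struct pipe_cfg *cfg, enum msg_class c,
                        size_t *argc_out)
{
    const struct arg_list *l = args_for(cfg, c);
    size_t n = 1 + l->num;
    const char **argv = calloc(n + 1, sizeof(*argv)); /* +1 for NULL */
    if (argv == NULL)
        return NULL;
    argv[0] = cfg->program;
    for (size_t i = 0; i < l->num; i++)
        argv[1 + i] = l->args[i];
    *argc_out = n;
    return argv;
}

int main(void)
{
    size_t n;
    const char **argv = build_argv(&sample, CLASS_HAM, &n);
    if (argv == NULL)
        return 1;
    for (size_t i = 0; i < n; i++)
        printf("argv[%zu] = %s\n", i, argv[i]);
    free(argv);
    return 0;
}
```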
