[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Brent Addis brent.addis at spit.gen.nz
Tue Dec 9 20:19:20 GMT 2008




On Tue, 2008-12-09 at 14:46 +0000, Martin Hepworth wrote:

> 2008/12/9 Kai Schaetzl <maillists at conactive.com>:
> > Simon.walter at hp-factory.de wrote on Tue, 9 Dec 2008 11:58:03 -0000 (UTC):
> >
> >> Funny how everybody focuses on this little, unimportant, technical problem
> >> but ignores the real cause of my mail.
> >
> > The trend-updater problem has already been fixed in recent MS. I assume the
> > other scripts will get fixed one by one over time if there really is a need.
> >
> > BTW, there was one sentence in your original quotes I absolutely agree with:
> >
> >> In the current state the package should not be part of
> >> the lenny release.
> >
> > looking at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 the
> > MailScanner version in debian-stable is 4.55.10. That should indeed not be
> > used anymore. If I understand this correctly the stable version is what
> > comes with the current Debian 4.0?
> >
> >
> > Kai
> >
> > --
> > Kai Schätzl, Berlin, Germany
> 
> 
> Well yeah this is a general problem with debian - esp for 'unstable'
> (or rapidly updated) stuff like MailScanner, the long release cycles
> give problems.
> 
> 
> -- 
> Martin Hepworth
> Oxford, UK


Why doesn't someone create a deb for release with debian-volatile then?

This generally takes care of constantly updating packages like clam,
MailScanner should be there too.

We run debian-volatile anywhere we need stuff up to date (such as
mailservers). It works very well.


- Brent