[Secure-testing-team] Re: Bug#332259: spampd fails with 'Error in
process_request': Modification of read-only variable in Syslog.pm
Martin Schulze
joey at infodrom.org
Fri Oct 7 04:17:44 UTC 2005
Sven Mueller wrote:
> I created a fixed package (actually two: one for sid/etch and one for
> sarge), available at https://mail.incase.de/spampd/sarge-security/
> respectively at https://mail.incase.de/spampd/sid/ (until my sponsor
> finds the time to upload the latter to sid). Personally, I'm indifferent
> wether this fix should be uploaded to the testing-security archive,
> since the fixed version should propagate quickly from sid.
>
> Security-Team: What else do I need to do to get the fixed version into
> sarge/security?
How does this represent a security bug?
It's not a denial of service unless spampd crashes and is unavailable
after misprocessing this mail. According to the bug report, the daemon
is reporting an error but continuing to work.
Hence, it's rather "one mail falls through" or something. Doesn't sound
security-relevant to me.
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
More information about the Secure-testing-team
mailing list