exim4: Patch for 296492 introduced remotely exploitable infinite loop (DOS)

Bug #15250 reported by Debian Bug Importer
Affects          Status         Importance   Assigned to   Milestone
exim4 (Debian)   Fix Released   Unknown
exim4 (Ubuntu)   Fix Released   High         Martin Pitt

Bug Description

Automatically imported from Debian bug report #304174 http://bugs.debian.org/304174

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 11 Apr 2005 09:19:14 -0400
From: Marc Sherman <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: exim4: Patch for 296492 introduced remotely exploitable infinite loop (DOS)

Package: exim4
Version: 4.50-5
Severity: grave
Tags: security sid patch
Justification: remote exploitable DOS

The patch for 296492, which is currently in sid's 4.50-5, introduced an
infinite loop which could be triggered by a remote site with
(intentionally?) misconfigured DNS.

It is discussed in:
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00062.html

The patch to fix this is in:
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00152.html

I'm not certain, but I think that this patch _replaces_ the patch
applied to fix 296492, rather than patching it.

I hope I've set the tags and severity for this bug correctly to indicate
that it's an RC bug that should keep 4.50-5 out of sarge, but does not
apply to 4.50-4 which is currently in sarge.

- Marc

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 11 Apr 2005 19:31:22 +0200
From: Andreas Metzler <email address hidden>
To: Marc Sherman <email address hidden>, <email address hidden>
Subject: Re: Bug#304174: exim4: Patch for 296492 introduced remotely exploitable infinite loop (DOS)

tags 304174 pending
# fixed in SVN
thanks
On 2005-04-11 Marc Sherman <email address hidden> wrote:
> Package: exim4
> Version: 4.50-5
[...]
> The patch for 296492, which is currently in sid's 4.50-5, introduced an
> infinite loop which could be triggered by a remote site with
> (intentionally?) misconfigured DNS.

> It is discussed in:
> http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00062.html
[...]

This is already applied in SVN and there'll probably be an upload on
Wednesday, latest.

> I hope I've set the tags and severity for this bug correctly to indicate
> that it's an RC bug that should keep 4.50-5 out of sarge, but does not
> apply to 4.50-4 which is currently in sarge.

I think so.

FWIW there is actually no danger of 4.50-4 propagating to sarge
_automatically_, exim4 is frozen and can only go in if one of the
release managers kicks it. ;-)
             cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/

Martin Pitt (pitti) wrote :

This does not affect Warty and Hoary, we have 4.34. However, since the merge
rave is before us, I leave this bug open as a reminder to _not_ sync exim4
immediately.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 18 Apr 2005 23:25:20 +0200
From: Marc Haber <email address hidden>
To: <email address hidden>
Subject: Re: exim4: Patch for 296492 introduced remotely exploitable infinite loop (DOS)

On Mon, Apr 11, 2005 at 09:19:14AM -0400, Marc Sherman wrote:
> The patch to fix this is in:
> http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00152.html

This is applied in 4.50-6. The changelog entry in 4.50-6 was written
before Marc opened this bug, and I forgot to change it. Closing the
bug manually.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835

Martin Pitt (pitti) wrote :

(In reply to comment #3)
> This does not affect Warty and Hoary, we have 4.34. However, since the merge
> rave is before us, I leave this bug open as a reminder to _not_ sync exim4
> immediately.

Breezy has 4.50-6, this version fixes that bug again, so all releases are fine.

Changed in exim4:
status: Unknown → Fix Released