It's CVE-2008-2936, and fixed in: 2.2.10-1ubuntu0.2 (dapper) 2.3.8-2ubuntu0.1 (feisty) 2.4.5-3ubuntu1.1 (gutsy) 2.5.1-2ubuntu1 (hardy) 2.5.4-1 (intrepid)
None of these have hit the archive, see also https://bugs.edge.launchpad.net/ubuntu/+source/postfix/+bug/257893 I'd expect to see the -security stuff shortly.
CVE-2008-2937 was also assigned for the issue that was fixed in 2.5.3, which applies if you have a mode 1777 /var/mail. That should not be confused with any sane configuration of mail.
lamont
It's CVE-2008-2936, and fixed in:
2.2.10-1ubuntu0.2 (dapper)
2.3.8-2ubuntu0.1 (feisty)
2.4.5-3ubuntu1.1 (gutsy)
2.5.1-2ubuntu1 (hardy)
2.5.4-1 (intrepid)
None of these have hit the archive, see also https:/ /bugs.edge. launchpad. net/ubuntu/ +source/ postfix/ +bug/257893
I'd expect to see the -security stuff shortly.
CVE-2008-2937 was also assigned for the issue that was fixed in 2.5.3, which applies if you have a mode 1777 /var/mail.
That should not be confused with any sane configuration of mail.
lamont