[dspam] [CVE-2007-6418] programming error leading to information disclosure
Bug #195691 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dspam (Debian) |
Fix Released
|
Unknown
|
|||
dspam (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Dapper |
Fix Released
|
Medium
|
Daniel Hahler | ||
Edgy |
Fix Released
|
Medium
|
Daniel Hahler | ||
Feisty |
Fix Released
|
Medium
|
Daniel Hahler | ||
Gutsy |
Fix Released
|
Medium
|
Daniel Hahler |
Bug Description
References:
DSA-1501-1 (http://
Quoting:
"Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam,
a statistical spam filter, included a database password on the command line
when using the MySQL backend. This allowed a local attacker to read the
contents of the dspam database, such as emails."
CVE References
Changed in dspam: | |
status: | Unknown → Fix Released |
Changed in dspam: | |
assignee: | nobody → blueyed |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → blueyed |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → blueyed |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → blueyed |
importance: | Undecided → High |
status: | New → In Progress |
status: | Triaged → Fix Released |
Changed in dspam: | |
assignee: | blueyed → nobody |
status: | In Progress → Triaged |
assignee: | blueyed → nobody |
status: | In Progress → Triaged |
assignee: | blueyed → nobody |
status: | In Progress → Triaged |
assignee: | blueyed → nobody |
status: | In Progress → Triaged |
importance: | High → Medium |
importance: | High → Medium |
Changed in dspam: | |
importance: | High → Medium |
importance: | High → Medium |
importance: | High → Medium |
Changed in dspam: | |
status: | In Progress → Triaged |
status: | In Progress → Triaged |
status: | In Progress → Triaged |
status: | In Progress → Triaged |
Changed in dspam: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is fixed in dspam 3.6.8-5.1, therefore Dapper, Edgy, Feisty and Gutsy are affected.