Re: [bitfolk] Proving that you are you

Top Page
This message is part of the following thread:
M--+-+--+++\the complete thread tree sorted by date
M-\M\M+\MMMMDmitriy Kazimirov at <-
M\MMMMMMM.MMAndy Smith at ->

Reply to this message
Author: G. Miliotis
Date:  
Subject: Re: [bitfolk] Proving that you are you
@mail.gmail.com>
To: users@???
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmziGhgw6kjsAXsjf7YMtz0B+eaHFcEGikXtNY9c7miUM95KYjVmwyBjXHhJc6aVi5STUwE
X-Virus-Scanner: Scanned by ClamAV on mail.bitfolk.com at Fri,
    26 Oct 2012 13:03:01 +0000
X-SA-Exim-Connect-IP: 209.85.220.48
X-SA-Exim-Mail-From: alan@???
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    spamd3.lon.bitfolk.com
X-Spam-Level: 
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Status: No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW
    shortcircuit=no autolearn=disabled version=3.3.1
X-Spam-Report: * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at
    http://www.dnswl.org/, low *      trust
    *      [209.85.220.48 listed in list.dnswl.org]
X-SA-Exim-Version: 4.2.1 (built Mon, 22 Mar 2010 06:51:10 +0000)
X-SA-Exim-Scanned: Yes (on mail.bitfolk.com)
Subject: Re: [bitfolk] Another Exim remote code execution exploit
X-BeenThere: users@???
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/options/users>,
    <mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
    <mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2012 13:03:01 -0000


On 26 October 2012 14:54, Andy Smith <andy@???> wrote:
> Hi,
>
> On Fri, Oct 26, 2012 at 12:49:21PM +0000, Andy Smith wrote:
>> It's time to check if you need to update Exim:
>>
>>     https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.ht=
ml
>>
>> If you run Debian and Exim=97which I know is lots of you=97then you do n=
eed to.
>
> On Debian, package version 4.72-6+squeeze3 has the fix:
>
>     exim4 (4.72-6+squeeze3) stable-security; urgency=3Dhigh

>
>       * Non-maintainer upload by the Security Team.
>       * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling.

>
>      -- Nico Golde <nion@???>  Thu, 25 Oct 2012 08:43:03 +0000

>

.. and in Ubuntu http://www.ubuntu.com/usn/usn-1618-1/

e.g.

exim4 (4.71-3ubuntu1.4) lucid-security; urgency=3Dlow 

  * SECURITY UPDATE: arbitrary code execution via dns decode logic
    - debian/patches/CVE-2012-5671.patch: adjust max length and validate
      against it in src/pdkim/pdkim.h, src/dkim.c.
    - CVE-2012-5671


-- Marc Deslauriers <marc.deslauriers@???> Thu, 25 Oct 2012
08:48:31 -0400

Cheers,
Al. 


From andyjpb@??? Fri Oct 26 13:23:06 2012
Received: from pavilion.ashurst.eu.org ([85.119.82.45])
    by mail.bitfolk.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
    (Exim 4.72) (envelope-from <andyjpb@???>)
    id 1TRjsQ-0006wk-Nl
    for users@???; Fri, 26 Oct 2012 13:23:06 +0000
Received: from [74.125.61.190] (helo=[192.168.146.63])
    by pavilion.ashurst.eu.org with esmtpsa
    (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72)
    (envelope-from <andyjpb@???>) id 1TRjsP-0001ok-GP
    for users@???; Fri, 26 Oct 2012 14:23:05 +0100
Message-ID: <508A8EB7.4030705@???>
Date: Fri, 26 Oct 2012 14:23:03 +0100
From: Andy Bennett <andyjpb@???>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
    rv:10.0.7) Gecko/20120922 Icedove/10.0.7
MIME-Version: 1.0
To: users@???
References: <20121026124921.GA19412@???>
In-Reply-To: <20121026124921.GA19412@???>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    spamd0.lon.bitfolk.com
X-Spam-Level: 
X-Spam-ASN: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT
    shortcircuit=ham autolearn=disabled version=3.3.1
X-Spam-Report: * -0.0 SHORTCIRCUIT Not all rules were run,
    due to a shortcircuited rule
    * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-Virus-Scanner: Scanned by ClamAV on mail.bitfolk.com at Fri,
    26 Oct 2012 13:23:06 +0000
X-SA-Exim-Connect-IP: 85.119.82.45
X-SA-Exim-Mail-From: andyjpb@???
X-SA-Exim-Scanned: No (on mail.bitfolk.com); SAEximRunCond expanded to false
Subject: Re: [bitfolk] Another Exim remote code execution exploit
X-BeenThere: users@???
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/options/users>,
    <mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
    <mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2012 13:23:06 -0000


Hi,

> It's time to check if you need to update Exim:
> 
>     https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

>
> If you run Debian and Exim—which I know is lots of you—then you do need to.

It seems that people everywhere called Andy Smith are getting security
right:

http://dropsafe.crypticide.com/article/9024


;-)




Regards,
@ndy

--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF 



From andy@??? Mon Nov 05 01:57:43 2012
Received: from andy by mail.bitfolk.com with local (Exim 4.72)
    (envelope-from <andy@???>) id 1TVBwc-0001ud-Fl
    for users@???; Mon, 05 Nov 2012 01:57:43 +0000
Date: Mon, 5 Nov 2012 01:57:42 +0000
From: Andy Smith <andy@???>
To: users@???
Message-ID: <20121105015742.GP3867@???>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
    protocol="application/pgp-signature"; boundary="cuu5vHNojawdHCgB"
Content-Disposition: inline
OpenPGP: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc
X-URL: http://strugglers.net/wiki/User:Andy
User-Agent: Mutt/1.5.20 (2009-06-14)
X-Virus-Scanner: Scanned by ClamAV on mail.bitfolk.com at Mon,
    05 Nov 2012 01:57:42 +0000
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: andy@???
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    spamd2.lon.bitfolk.com
X-Spam-Level: 
X-Spam-ASN: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RELAYS shortcircuit=no
    autolearn=disabled version=3.3.1
X-Spam-Report: * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
X-SA-Exim-Version: 4.2.1 (built Mon, 22 Mar 2010 06:51:10 +0000)
X-SA-Exim-
This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] Proving that you are youRe: [bitfolk] users Digest, Vol 45, Issue 2->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)