[Pkg-sympa-devel] Bug#712141: sympa: Very long loop while compiling some digest messages
Olivier Tetard
olivier.tetard at miskin.fr
Thu Jun 13 12:45:51 UTC 2013
Package: sympa
Version: 6.1.11~dfsg-5
Severity: important
Tags: patch
Hi,
While compiling the digest for one list, the "sympa" process ran into some kind of infinite loop. This issue is encountered when one of the messages that needs to be digested contains binary attachments that are embedded in text/plain parts.
The problem was fixed in the 6.1.16 release of Sympa and in particular in the changeset 7955[1].
In my case, Sympa was unable to deliver messages to the lists while compiling the digest and thus can be considered as as DoS. Fix delivered in Sympa 6.1.16 solved the problem.
1. https://sourcesup.renater.fr/scm/viewvc.php?view=revision&root=sympa&revision=7955
Kind regards,
Olivier;
-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8.13-xxxx-std-ipv6-64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sympa depends on:
ii adduser 3.113+nmu3
ii ca-certificates 20130119
ii dbconfig-common 1.8.47+nmu1
ii debconf [debconf-2.0] 1.5.49
ii dpkg 1.16.10
ii libarchive-zip-perl 1.30-6
ii libc6 2.13-38
ii libcgi-fast-perl 5.14.2-21
ii libcgi-pm-perl 3.61-2
ii libdbd-mysql-perl 4.021-1+b1
ii libdbd-pg-perl 2.19.2-2
ii libdbd-sqlite3-perl 1.37-1
ii libdbd-sybase-perl 1.14-1
ii libdbi-perl 1.622-1
ii libfcgi-perl 0.74-1+b1
ii libfile-copy-recursive-perl 0.38-1
ii libhtml-format-perl 2.10-1
ii libhtml-stripscripts-parser-perl 1.03-1
ii libhtml-tree-perl 5.02-1
ii libintl-perl 1.20-1
ii libio-stringy-perl 2.110-5
ii libmailtools-perl 2.09-1
ii libmime-charset-perl 1.009.2-1
ii libmime-encwords-perl 1.012.4-1
ii libmime-lite-html-perl 1.23-1.1
ii libmime-tools-perl 5.503-1
ii libmsgcat-perl 1.03-5+b2
ii libnet-ldap-perl 1:0.4400-1
ii libnet-netmask-perl 1.9016-1
ii libregexp-common-perl 2011121001-1
ii libtemplate-perl 2.24-1
ii libterm-progressbar-perl 2.13-1
ii libunicode-linebreak-perl 0.0.20120401-1
ii libxml-libxml-perl 2.0001+dfsg-1
ii lsb-base 4.1+Debian8
ii mhonarc 2.6.18-2
ii perl 5.14.2-21
ii perl-modules [libcgi-pm-perl] 5.14.2-21
ii postfix [mail-transport-agent] 2.9.6-2
ii rsyslog [system-log-daemon] 5.8.11-3
ii sqlite3 3.7.13-1+deb7u1
Versions of packages sympa recommends:
ii apache2-suexec-custom [apache2-suexec] 2.2.22-13
ii doc-base 0.10.4
ii libapache2-mod-fcgid 1:2.3.6-1.2
ii libcrypt-ciphersaber-perl 0.61-4
ii libfile-nfslock-perl 1.21-1
ii libio-socket-ssl-perl 1.76-2
ii libmail-dkim-perl 0.39-1
ii libsoap-lite-perl 0.714-1
ii locales 2.13-38
ii logrotate 3.8.1-4
ii mysql-server 5.5.31+dfsg-0+wheezy1
Versions of packages sympa suggests:
ii apache2-mpm-worker [httpd-cgi] 2.2.22-13
pn libauthcas-perl <none>
pn libdbd-oracle-perl <none>
pn libtext-wrap-perl <none>
ii openssl 1.0.1e-2
-- Configuration Files:
/etc/logrotate.d/sympa changed [not included]
/etc/sympa/httpd.conf-cgi [Errno 2] No such file or directory: u'/etc/sympa/httpd.conf-cgi'
/etc/sympa/httpd.conf-fcgi [Errno 2] No such file or directory: u'/etc/sympa/httpd.conf-fcgi'
/etc/sympa/topics.conf changed [not included]
-- debconf information:
* sympa/db_passwd: (password omitted)
sympa/password-confirm: (password omitted)
sympa/pgsql/admin-pass: (password omitted)
sympa/app-password-confirm: (password omitted)
sympa/key_password_again: (password omitted)
* sympa/db_passwd_again: (password omitted)
sympa/key_password: (password omitted)
sympa/pgsql/app-pass: (password omitted)
sympa/mysql/admin-pass: (password omitted)
* sympa/db_adminpasswd: (password omitted)
sympa/mysql/app-pass: (password omitted)
* sympa/dbconfig-install: false
* sympa/listmaster: listmaster at attac-mail.attac.org
* wwsympa/wwsympa_url: http://list.attac.org/wws
* wwsympa/webserver_restart: true
sympa/upgrade-backup: true
sympa/pgsql/changeconf: false
sympa/db_options:
sympa/db_configured: true
sympa/internal/skip-preseed: true
sympa/remote/host:
sympa/db_user: sympa
sympa/internal/reconfiguring: true
sympa/remove-error: abort
* wwsympa/webserver_type: Apache 2
sympa/dbconfig-remove:
sympa/mysql/method: unix socket
sympa/wwsympa_configured: false
* sympa/language: fr
sympa/pgsql/method: unix socket
sympa/db_removeonpurge: false
sympa/install-error: abort
sympa/pgsql/no-empty-passwords:
sympa/pgsql/authmethod-admin: ident
sympa/passwords-do-not-match:
sympa/missing-db-package-error: abort
sympa/remove_spool: false
sympa/remote/newhost:
sympa/pgsql/manualconf:
sympa/remote/port:
* sympa/hostname: attac-mail.attac.org
sympa/pgsql/authmethod-user: password
* sympa/db_hostname: localhost
sympa/dbconfig-upgrade: true
sympa/use_db: true
* sympa/use_soap: false
sympa/db/dbname: sympa
sympa/database-type: mysql
sympa/db/basepath:
* wwsympa/fastcgi: true
sympa/db/app-user: sympa
sympa/purge: false
sympa/db_authtype: Ident-based
sympa/db_port:
sympa/mysql/admin-user: root
sympa/db_name: sympa
* sympa/dbconfig-reinstall: false
* sympa/db_type: MySQL
sympa/pgsql/admin-user: postgres
sympa/upgrade-error: abort
* wwsympa/remove_spool: false
sympa/use_wwsympa: false
sympa/smime_support: false
More information about the Pkg-sympa-devel
mailing list