Description of problem: Postfix 2.5.1-2 ships with F9. Requesting a bump to fix bugs. Version-Release number of selected component (if applicable): 2.5.1-.FC9 How reproducible: Always Steps to Reproduce: 1. See above Actual results: See above Expected results: See above Additional info: Bumps from 2.5.1 to 2.5.3. No security fixes, just bugs swatted. See http://www.postfix.org and downloads for more information.
Wietse Venema has just released a statement indicating that he found a serious local privilege escalation issue. Furthermore, the statement includes proof-of-concept code to test for yourself. Reference: http://archives.neohapsis.com/archives/postfix/2008-08/0392.html I am bumping this to high priority and adding a security tag. Because this is a public notification, hiding this is not necessary. Now I'm requesting not only a rebase, but a patch to this flaw as well.
Correction: Wietse didn't find the issue, Sebastian Krahmer did (sorry). All other information is valid.
Patch released 8/15/08; update to patchlevel 4. I can't change my original comment to bump 2.5.1 to 2.5.3; it should now say that I want to see 2.5.1 bumped to 2.5.4.
Flaw in 2.4X has been fixed with 2.5.5, just released: ftp://ftp.wl0.org/postfix-release/official/postfix-2.5.5.HISTORY Updated title and history to show new version and bug description via link to change file.
Thank you for the updates on F8 and F9 to 2.5.5-1, all works well on F8. +1 to updates, please.
I should mention that, as of this writing, it is still in Koji. Sorry 'bout that. Anyway, it works well. Thank you again for the update!
postfix-2.5.5-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/postfix-2.5.5-1.fc9
postfix-2.5.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.