-   Slackware (
-   -   Odd Email from (

tallship 02-09-2013 10:36 PM

Odd Email from
I received a rather odd email from a couple of hours ago.

What was odd wasn't the content, as it appeared to be an almost standard Slackware security notification regarding OpenSSL, but rather, that the message came from w/no subject line instead of

Here's a snippet of what I got.


Received: from (localhost [])
        by (8.14.3/8.14.3) with ESMTP id r19N3w2a019179
        for <>; Sat, 9 Feb 2013 15:03:58 -0800
Received: from localhost (security@localhost)
        by (8.14.3/8.14.3/Submit) with ESMTP id r19N3wti019176
        for <>; Sat, 9 Feb 2013 15:03:58 -0800
Date: Sat, 9 Feb 2013 15:03:57 -0800 (PST)
From: Slackware Security Team <>
Subject: [slackware-security]  openssl (SSA:2013-040-01)
Message-ID: <>
User-Agent: Alpine 2.02 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="960504934-503621985-1360451038=:19166"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Type: TEXT/PLAIN; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT

Hash: SHA1

[slackware-security]  openssl (SSA:2013-040-01)

New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found

Well, regardless, I got it and have therefore almost finished upgrading OpenSSL on most of the Slackware boxes I maintain.

That's the most important part.

I just thought it was odd to receive the notification in such a manner, but you gotta love Pine (er... Alpine I guess LOL)


Lufbery 02-10-2013 12:15 AM

I got it too. I also thought it was odd. Oh well, we've all messed up e-mail subject lines in our time. :)

volkerdi 02-10-2013 12:22 AM

I got it too. ;) After examining it, it looks as if the presence of a few characters with umlauts caused alpine to wrap it as multipart MIME, and after that the mailing list scripts choked on it and mangled it enough that the signature doesn't verify. The one posted on is good in the sense that the GPG sig on that one will verify.

Sorry about that. Perhaps it should be mailed again from something else. I'm pretty sure it would go through correctly.

volkerdi 02-10-2013 12:34 AM

Unfortunately "pretty sure" didn't cut it. I sent it again, this time with mailx. It looks better, but still fails GPG. I'll be looking for a solution (if nothing else, I can avoid non-ASCII characters), but meanwhile if you're not sure this it real you can check the copy posted on

Hmmm, wish I'd said that in the second mail. :/

tallship 02-10-2013 12:39 AM

No Problem here Pat :)

The first thing I do anyway when I get these is run to slackpkg and your changelogs where I decide upon my next course of action ;)

gilead 02-10-2013 04:33 AM

I received both emails - no problem caused since I run a mirror for the boxes I maintain and I wait for the mirror to get the updated software anyway.

FeyFre 02-10-2013 06:05 AM

The second attempt also failed:

Received: from (localhost [])
by (8.14.3/8.14.3) with ESMTP id r1A5Tc54000843
for <>; Sat, 9 Feb 2013 21:29:38 -0800
Received: (from security@localhost)
by (8.14.3/8.14.3/Submit) id r1A5Tcrn000841
for; Sat, 9 Feb 2013 21:29:38 -0800
From: Slackware Security Team <>
Message-Id: <>
Date: Sat, 09 Feb 2013 21:29:38 -0800
Subject: [slackware-security] openssl (SSA:2013-040-01)
User-Agent: Heirloom mailx 12.3 7/15/07
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi folks! The last attempt at mailing this was converted by Alpine when it
saw some ISO-8859 characters, mangling the headers and causing the GPG
signature to fail. Hopefully this try will work.

Hash: SHA1

[slackware-security] openssl (SSA:2013-040-01)

ponce 02-10-2013 06:12 AM

Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

FeyFre 02-10-2013 06:40 AM

@ponce, yes, here to. It because headers are broken.

kite 02-10-2013 06:51 AM


Originally Posted by ponce (Post 4888195)
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

Same here.

willysr 02-10-2013 10:23 AM

I emptied the SPAM just before i read the email LOL

NyteOwl 02-10-2013 04:11 PM

It arrived here without subject line too.

tallship 02-16-2013 08:16 PM


Originally Posted by ponce (Post 4888195)
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

Perhaps yet another reason to reconsider the use of DEA providers?

Kindest regards,


All times are GMT -5. The time now is 10:55 AM.