Bug#1049899: bookworm-pu: package exim4/4.96-15+deb12u3

Andreas Metzler ametzler at bebt.de
Wed Nov 1 10:46:56 GMT 2023


Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
Control: affects -1 + src:exim4

Hello,

I would like to push another round of cherry-picked upstream fixes to
bookworm, including the update to 4.96.2 to fix two non-DSA minor
security issues.

The changes are included in the new upstream (4.97 rc) uploads to sid which are present in sid and testing.


* Multiple bugfixes from upstream GIT master:
  + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch
  + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch
    (Upstream bug 2998)
  + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch
  + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch
    (Upstream bug 3013)
----> ${run} expansion breakage, similar to #1025420.
  + 75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch: Fix on-demand
    TLS cert expiry date. Closes: #1043233
    (Upstream bug 3014)
----> This is a major hiccup, bordering on RC.

  + 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch
----> Another patch for ${run} expansion breakage.
  + 76-10-Fix-tr.-and-empty-strings.-Bug-3023.patch (Upstream bug 3023)
  + 76-12-DNS-more-hardening-against-crafted-responses.patch
* tests/basic: Add isolation-container restriction (needs a running
  exim daemon).
* Add ${run } expansion test to tests/basic.
* Update code to 4.96.2, fixing issues with the proxy protocol
  (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42219). It
  also includes additional hardening for spf lookups, however CVE-2023-42218
  was diagnosed as a vulnerability in the libspf2 library and needs to be
  addressed there. Closes: #1053310

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: u3.deb.diff
Type: text/x-diff
Size: 64906 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20231101/40c9bd8f/attachment-0001.diff>