Bug#610879: unblock: exim4/4.72-4

Andreas Metzler ametzler at downhill.at.eu.org
Sun Jan 23 16:56:45 UTC 2011


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: freeze-exception

Hello,

I have uploaded exim4/4.72-4 to sid yesterday. There are two changes
compared to squeeze:

* A fix for a local security issue. (CVE-2011-0017: the Exim run-time user
can cause root to append content of the attacker's choosing to
arbitrary files.)

* An update to the SPF example code. The Debian exim configuration contains
code to check SPF data by invoking spfquery. The code is disabled by
default but easily enabled through a macro. Due to the removal of
libmail-spf-query-perl from sid and squeeze the example code is broken
(No message rejection, but non-working.) I have updated the respective
ACL to use spf-tools-perl's spfquery instead.

-------------------------------------------------

There is a further issue I would like to fix for squeeze:

Debian bug #610611: If a non-debug daemon was invoked with a
non-whitelisted macro, then logs from after attempting delivery would
be silently lost, including for successful delivery.  This log-loss
bug was introduced in 4.73 as part of the security lockdown.
http://git.exim.org/exim.git/commitdiff/b7487bcec431809cb7fc3c2b42fcd607e43d37e7

Please either unblock package exim4 or give me a go to upload 4.72-5
with the abovementioned additional fix.

unblock exim4/4.72-4

thanks, cu andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: from4.72-3to4.diff
Type: text/x-diff
Size: 10205 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20110123/1be70b7b/attachment-0001.diff>