exim4_4.94.2-1~bpo10+1_multi.changes ACCEPTED into buster-backports->backports-policy, buster-backports

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue May 4 15:32:44 BST 2021



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 May 2021 07:46:24 +0200
Source: exim4
Architecture: source
Version: 4.94.2-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers at lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler at debian.org>
Changes:
 exim4 (4.94.2-1~bpo10+1) buster-backports; urgency=high
 .
   * Rebuild for buster-backports.
 .
 exim4 (4.94.2-1) unstable; urgency=high
 .
   * New upstream security release.
     + Release based on +fixes branch, drop 74_*diff.
     + Unfuzz 75_04-acl.patch.
     + Merge in upstream configuration change rejecting all RCPT commands after
       too many (more than five out of the initial ten) bad recipients. Can be
       disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
     + Fixes multiple security vulnerabilities reported by Qualys and adds
       related robustness improvements. (Special thanks to Heiko)
       CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
       CVE-2020-28007: Link attack in Exim's log directory
       CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
       CVE-2020-28012: Missing close-on-exec flag for privileged pipe
       CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
       CVE-2020-28009: Integer overflow in get_stdinput()
       CVE-2020-28015, CVE-28021: New-line injection into spool header file
       CVE-2020-28026: Line truncation and injection in spool_read_header()
       CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
       CVE-2020-28017: Integer overflow in receive_add_recipient()
       CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
       CVE-2020-28011: Heap buffer overflow in queue_run()
       CVE-2020-28010: Heap out-of-bounds write in main()
       CVE-2020-28018: Use-after-free in tls-openssl.c
       CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
       CVE-2020-28014, CVE-2021-27216: PID file handling
       CVE-2020-28008: Assorted attacks in Exim's spool directory
       CVE-2020-28019: Failure to reset function pointer after BDAT error
   * Update debian/upstream/signing-key.asc from
     <https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.
 .
 exim4 (4.94-19) unstable; urgency=medium
 .
   * Further updates from heiko/exim-4.94+fixes+taintwarn:
     + 75_24-Silence-the-compiler.patch
     + 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
   * Upload to unstable.
 .
 exim4 (4.94-18) experimental; urgency=medium
 .
   * Pull patches to temporarily add an option to turn taint errors into
     warnings. (See #987133)
     + 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
     + 75_02-search.patch
     + 75_03-dbstuff.patch
     + 75_04-acl.patch
     + 75_05-parse.patch
     + 75_06-rda.patch
     + 75_07-appendfile.patch
     + 75_08-autoreply.patch
     + 75_09-pipe.patch
     + 75_10-deliver.patch
     + 75_11-directory.patch
     + 75_12-expand.patch
     + 75_13-lf_sqlperform.patch
     + 75_14-rf_get_transport.patch
     + 75_15-deliver.patch
     + 75_16-smtp_out.patch
     + 75_17-smtp.patch
     + 75_18-update-doc.patch
     + 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
     + 75_21-tidy-log.c.patch
     + 75_22-Silence-compiler.patch
     + 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
   * Update NEWS.Debian to describe the feature.
Checksums-Sha1: 
 89393142fa30aa0cebef8de5f676541ebcf9a40a 2927 exim4_4.94.2-1~bpo10+1.dsc
 5bdf0d70a4aa9f7abd79bf1d891920f3e43c8741 476236 exim4_4.94.2-1~bpo10+1.debian.tar.xz
Checksums-Sha256: 
 efa9ce0c9a87ac8efeabd30335d62d2bb4b0355a952da20ea503cc1f75082670 2927 exim4_4.94.2-1~bpo10+1.dsc
 c16278fe9226c6f24a0bfa096344f46fcd64ce3b03d6fe2a0e8ca29e00b648c6 476236 exim4_4.94.2-1~bpo10+1.debian.tar.xz
Files: 
 1feeb5aa86b51e1fb0b4b3e00c182354 2927 mail standard exim4_4.94.2-1~bpo10+1.dsc
 44b282f99d18065da81ab9fcefb88028 476236 mail standard exim4_4.94.2-1~bpo10+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmCQTaYACgkQpU8BhUOC
FIT5tw/9FM3ASGxP8ltw4BS3Ul8ZfsBpFTFh22gi2wmdqZJadTsnDpiZSOZ/tz/s
2guggv6ntPed9OoLmyyAU174vu7UvveUcWWvWngPaU11MQJzFWuuBAUgr2qW/l5+
atuuHKvQv57dUCDnbej2CcXbv9ougttPyW7OLhsplKUkoqTizPoAgMnd/H4ESz0I
LnBINaD2Vb/LsYzsOvl/tkC/tY2brj5WiaSfHY73uGp3weKF81RmDywOLEtr4+4O
XXKB/UKf9coXoP9X/6Ss63F1OPHOLMl0dEQq/5l3/PWHTiIPxTpoqEX1jbBo0bAn
Ev7LUkbFyL33QtxAvSn+Hk3dRNz6Z2GF524tI5B63M2bISSoSAGzyrnBQZYs9XaZ
yf24/61fEEzkGlnpbfI2Qdxha0OieRktghnCrOsP0wzpO1Kra1p3cnP3cSUElWX3
wUvS5nJ5yeYm5dExhw2o6Fhtw7vI2Vz72FzuvZE5LvsVrYDJA9AOuCoKq+Mm1xrS
hzJJdlPvYjWkrR1rPH8zD+EBdAXZicH/y2OBymJBVeNFrF1skrodlaIkUFyB3he2
zo+mpWJb42dz4aRr+Qsv4RDG/TxWoj9BFOiVygcIN59TvBgHdANIEj9F5HxYWz7v
OR+Vje0fj5tkVMeU1ueA9U+JEHU6q1hEctzbYI+suSLzopGm5Ms=
=KXlc
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Pkg-exim4-maintainers mailing list