[ubuntu/dapper-security] postfix, postfix (delayed) 2.2.10-1ubuntu0.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Apr 18 15:04:37 UTC 2011 

postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
    - debian/patches/CVE-2011-0411.dpatch: Discard the contents of the
      stream buffer so there is no pending plaintext in
      src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
      in src/util/vstream.*.
    - CVE-2011-0411
  * SECURITY UPDATE: symlink attack via incorrect pid dir permissions
    - debian/postfix.postinst: create pid dir with appropriate permissions.
    - CVE-2009-2939

Date: Fri, 15 Apr 2011 10:55:16 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: LaMont Jones <lamont at debian.org>
https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.3
-------------- next part --------------
Format: 1.7
Date: Fri, 15 Apr 2011 10:55:16 -0400
Source: postfix
Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql
Architecture: source
Version: 2.2.10-1ubuntu0.3
Distribution: dapper-security
Urgency: low
Maintainer: LaMont Jones <lamont at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 postfix    - A high-performance mail transport agent
 postfix-dev - Postfix loadable modules development environment
 postfix-doc - Postfix documentation
 postfix-ldap - LDAP map support for Postfix
 postfix-mysql - MYSQL map support for Postfix
 postfix-pcre - PCRE map support for Postfix
 postfix-pgsql - PGSQL map support for Postfix
Changes: 
 postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low
 .
   * SECURITY UPDATE: man-in-the-middle via plaintext command injection
     - debian/patches/CVE-2011-0411.dpatch: Discard the contents of the
       stream buffer so there is no pending plaintext in
       src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
       in src/util/vstream.*.
     - CVE-2011-0411
   * SECURITY UPDATE: symlink attack via incorrect pid dir permissions
     - debian/postfix.postinst: create pid dir with appropriate permissions.
     - CVE-2009-2939
Files: 
 f214cde47d490fc2c800520e75936b67 1538 mail extra postfix_2.2.10-1ubuntu0.3.dsc
 e6f700cb0c5641a9812c8da60bf34158 157955 mail extra postfix_2.2.10-1ubuntu0.3.diff.gz

More information about the dapper-changes mailing list