[ubuntu/dapper-security] postfix, postfix (delayed) 2.2.10-1ubuntu0.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Apr 18 15:04:37 UTC 2011
postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low
* SECURITY UPDATE: man-in-the-middle via plaintext command injection
- debian/patches/CVE-2011-0411.dpatch: Discard the contents of the
stream buffer so there is no pending plaintext in
src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
in src/util/vstream.*.
- CVE-2011-0411
* SECURITY UPDATE: symlink attack via incorrect pid dir permissions
- debian/postfix.postinst: create pid dir with appropriate permissions.
- CVE-2009-2939
Date: Fri, 15 Apr 2011 10:55:16 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: LaMont Jones <lamont at debian.org>
https://launchpad.net/ubuntu/dapper/+source/postfix/2.2.10-1ubuntu0.3
-------------- next part --------------
Format: 1.7
Date: Fri, 15 Apr 2011 10:55:16 -0400
Source: postfix
Binary: postfix-doc postfix-pgsql postfix-ldap postfix-dev postfix-pcre postfix postfix-mysql
Architecture: source
Version: 2.2.10-1ubuntu0.3
Distribution: dapper-security
Urgency: low
Maintainer: LaMont Jones <lamont at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
postfix - A high-performance mail transport agent
postfix-dev - Postfix loadable modules development environment
postfix-doc - Postfix documentation
postfix-ldap - LDAP map support for Postfix
postfix-mysql - MYSQL map support for Postfix
postfix-pcre - PCRE map support for Postfix
postfix-pgsql - PGSQL map support for Postfix
Changes:
postfix (2.2.10-1ubuntu0.3) dapper-security; urgency=low
.
* SECURITY UPDATE: man-in-the-middle via plaintext command injection
- debian/patches/CVE-2011-0411.dpatch: Discard the contents of the
stream buffer so there is no pending plaintext in
src/smtp/smtp_proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
in src/util/vstream.*.
- CVE-2011-0411
* SECURITY UPDATE: symlink attack via incorrect pid dir permissions
- debian/postfix.postinst: create pid dir with appropriate permissions.
- CVE-2009-2939
Files:
f214cde47d490fc2c800520e75936b67 1538 mail extra postfix_2.2.10-1ubuntu0.3.dsc
e6f700cb0c5641a9812c8da60bf34158 157955 mail extra postfix_2.2.10-1ubuntu0.3.diff.gz
More information about the dapper-changes
mailing list