[ubuntu/hardy-security] postfix_2.5.1-2ubuntu1.3_lpia_translations.tar.gz, postfix, postfix_2.5.1-2ubuntu1.3_i386_translations.tar.gz, postfix_2.5.1-2ubuntu1.3_powerpc_translations.tar.gz, postfix_2.5.1-2ubuntu1.3_amd64_translations.tar.gz, postfix_2.5.1-2ubuntu1.3_sparc_translations.tar.gz (delayed), postfix_2.5.1-2ubuntu1.3_ia64_translations.tar.gz, postfix_2.5.1-2ubuntu1.3_hppa_translations.tar.gz 2.5.1-2ubuntu1.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Apr 18 15:04:16 UTC 2011


postfix (2.5.1-2ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: man-in-the-middle via plaintext command injection
    - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
      stream buffer so there is no pending plaintext.
    - Origin: backported from postfix-2.5-patch12.gz
    - CVE-2011-0411
  * SECURITY UPDATE: symlink attack via incorrect pid dir permissions
    - debian/postfix.postinst: create pid dir with appropriate permissions.
    - CVE-2009-2939

Date: Fri, 15 Apr 2011 10:39:15 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/postfix/2.5.1-2ubuntu1.3
-------------- next part --------------
Format: 1.7
Date: Fri, 15 Apr 2011 10:39:15 -0400
Source: postfix
Binary: postfix postfix-ldap postfix-cdb postfix-pcre postfix-mysql postfix-pgsql postfix-dev postfix-doc
Architecture: source
Version: 2.5.1-2ubuntu1.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 postfix    - High-performance mail transport agent
 postfix-cdb - CDB map support for Postfix
 postfix-dev - Loadable modules development environment for Postfix
 postfix-doc - Documentation for Postfix
 postfix-ldap - LDAP map support for Postfix
 postfix-mysql - MYSQL map support for Postfix
 postfix-pcre - PCRE map support for Postfix
 postfix-pgsql - PGSQL map support for Postfix
Changes: 
 postfix (2.5.1-2ubuntu1.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: man-in-the-middle via plaintext command injection
     - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
       stream buffer so there is no pending plaintext.
     - Origin: backported from postfix-2.5-patch12.gz
     - CVE-2011-0411
   * SECURITY UPDATE: symlink attack via incorrect pid dir permissions
     - debian/postfix.postinst: create pid dir with appropriate permissions.
     - CVE-2009-2939
Files: 
 0d4a9a8c331a0d47c8cffbc7ea74ba40 1756 mail extra postfix_2.5.1-2ubuntu1.3.dsc
 60e69e882f4906df532516bf2055ee12 219997 mail extra postfix_2.5.1-2ubuntu1.3.diff.gz
Original-Maintainer: LaMont Jones <lamont at debian.org>


More information about the Hardy-changes mailing list