[ubuntu/impish-proposed] exim4 4.94.2-2ubuntu1 (Accepted)
Utkarsh Gupta
utkarsh.gupta at canonical.com
Mon May 17 11:17:12 UTC 2021
exim4 (4.94.2-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
* Dropped changes:
- debian/patches/sec-202105/*.patch: backport patches from upstream to
correct issues.
[Included in 4.94.2-1]
exim4 (4.94.2-2) unstable; urgency=medium
* Updates from exim-4.94.2+fixes:
+ 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes).
Fix broken SNI/DANE handling.
+ 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator. Previously, any
trailing line text was dropped, making it unusable in complex
expressions.
+ 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with
logging to syslog. See 988086.
exim4 (4.94.2-1) unstable; urgency=high
* New upstream security release.
+ Release based on +fixes branch, drop 74_*diff.
+ Unfuzz 75_04-acl.patch.
+ Merge in upstream configuration change rejecting all RCPT commands after
too many (more than five out of the initial ten) bad recipients. Can be
disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Update debian/upstream/signing-key.asc from
<https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.
exim4 (4.94-19) unstable; urgency=medium
* Further updates from heiko/exim-4.94+fixes+taintwarn:
+ 75_24-Silence-the-compiler.patch
+ 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
* Upload to unstable.
exim4 (4.94-18) experimental; urgency=medium
* Pull patches to temporarily add an option to turn taint errors into
warnings. (See #987133)
+ 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
+ 75_02-search.patch
+ 75_03-dbstuff.patch
+ 75_04-acl.patch
+ 75_05-parse.patch
+ 75_06-rda.patch
+ 75_07-appendfile.patch
+ 75_08-autoreply.patch
+ 75_09-pipe.patch
+ 75_10-deliver.patch
+ 75_11-directory.patch
+ 75_12-expand.patch
+ 75_13-lf_sqlperform.patch
+ 75_14-rf_get_transport.patch
+ 75_15-deliver.patch
+ 75_16-smtp_out.patch
+ 75_17-smtp.patch
+ 75_18-update-doc.patch
+ 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
+ 75_21-tidy-log.c.patch
+ 75_22-Silence-compiler.patch
+ 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
* Update NEWS.Debian to describe the feature.
exim4 (4.94-17) unstable; urgency=medium
* Let exim4-config Recommend ca-certificates, needed for certificate
verification.
exim4 (4.94-16) unstable; urgency=medium
* README.Debian: Fix typo "tls_verify_certificate" instead of
"tls_verify_certificates".
* General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244
* Intensify upgrade warning in NEWS file.
* Enforce certificate verification against the system trust store in the
remote SMTP transport by default by setting
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344
* Update from exim-4.94+fixes:
+ 74_56-Fix-FreeBSD-13-build.patch
+ 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch
+ 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch
+ 74_59-Fix-build-for-platforms-not-having-ulong.patch
+ 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch
+ 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch
+ 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch
Date: Tue, 11 May 2021 18:25:10 +0530
Changed-By: Utkarsh Gupta <utkarsh.gupta at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Robie Basak <robie.basak at canonical.com>
https://launchpad.net/ubuntu/+source/exim4/4.94.2-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 11 May 2021 18:25:10 +0530
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source
Version: 4.94.2-2ubuntu1
Distribution: impish
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Utkarsh Gupta <utkarsh.gupta at canonical.com>
Description:
exim4 - metapackage to ease Exim MTA (v4) installation
exim4-base - support files for all Exim MTA (v4) packages
exim4-config - configuration for the Exim MTA (v4)
exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
exim4-daemon-light - lightweight Exim MTA (v4) daemon
exim4-dev - header files for the Exim MTA (v4) packages
eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 985244 985344
Changes:
exim4 (4.94.2-2ubuntu1) impish; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
* Dropped changes:
- debian/patches/sec-202105/*.patch: backport patches from upstream to
correct issues.
[Included in 4.94.2-1]
.
exim4 (4.94.2-2) unstable; urgency=medium
.
* Updates from exim-4.94.2+fixes:
+ 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes).
Fix broken SNI/DANE handling.
+ 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator. Previously, any
trailing line text was dropped, making it unusable in complex
expressions.
+ 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with
logging to syslog. See 988086.
.
exim4 (4.94.2-1) unstable; urgency=high
.
* New upstream security release.
+ Release based on +fixes branch, drop 74_*diff.
+ Unfuzz 75_04-acl.patch.
+ Merge in upstream configuration change rejecting all RCPT commands after
too many (more than five out of the initial ten) bad recipients. Can be
disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Update debian/upstream/signing-key.asc from
<https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.
.
exim4 (4.94-19) unstable; urgency=medium
.
* Further updates from heiko/exim-4.94+fixes+taintwarn:
+ 75_24-Silence-the-compiler.patch
+ 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
* Upload to unstable.
.
exim4 (4.94-18) experimental; urgency=medium
.
* Pull patches to temporarily add an option to turn taint errors into
warnings. (See #987133)
+ 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
+ 75_02-search.patch
+ 75_03-dbstuff.patch
+ 75_04-acl.patch
+ 75_05-parse.patch
+ 75_06-rda.patch
+ 75_07-appendfile.patch
+ 75_08-autoreply.patch
+ 75_09-pipe.patch
+ 75_10-deliver.patch
+ 75_11-directory.patch
+ 75_12-expand.patch
+ 75_13-lf_sqlperform.patch
+ 75_14-rf_get_transport.patch
+ 75_15-deliver.patch
+ 75_16-smtp_out.patch
+ 75_17-smtp.patch
+ 75_18-update-doc.patch
+ 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
+ 75_21-tidy-log.c.patch
+ 75_22-Silence-compiler.patch
+ 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
* Update NEWS.Debian to describe the feature.
.
exim4 (4.94-17) unstable; urgency=medium
.
* Let exim4-config Recommend ca-certificates, needed for certificate
verification.
.
exim4 (4.94-16) unstable; urgency=medium
.
* README.Debian: Fix typo "tls_verify_certificate" instead of
"tls_verify_certificates".
* General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244
* Intensify upgrade warning in NEWS file.
* Enforce certificate verification against the system trust store in the
remote SMTP transport by default by setting
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344
* Update from exim-4.94+fixes:
+ 74_56-Fix-FreeBSD-13-build.patch
+ 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch
+ 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch
+ 74_59-Fix-build-for-platforms-not-having-ulong.patch
+ 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch
+ 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch
+ 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch
Checksums-Sha1:
818d1146ff089f380c347f1fd51ead1bdcb825fb 2714 exim4_4.94.2-2ubuntu1.dsc
4854541833583d82c6e667d3dde566d41162eec3 1838076 exim4_4.94.2.orig.tar.xz
1d9259854ccb4b57bcffd708d33d6c9327165c38 484596 exim4_4.94.2-2ubuntu1.debian.tar.xz
Checksums-Sha256:
979f4b77886e9bdb87c84f2565ad07ecdc9e9d88caa73e3964037389978c74d9 2714 exim4_4.94.2-2ubuntu1.dsc
051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274 1838076 exim4_4.94.2.orig.tar.xz
0f7d0476f3909cc9d629ee6ff044ac8a6c295f86cce9fc051450656da0ed05cf 484596 exim4_4.94.2-2ubuntu1.debian.tar.xz
Files:
d41f0a43f13b09e6a7d56b563bf04d2b 2714 mail standard exim4_4.94.2-2ubuntu1.dsc
4fbf1ebb36f0f43bb94ed0848eb13256 1838076 mail standard exim4_4.94.2.orig.tar.xz
bfcefd8827170d63b294fde4155b27c1 484596 mail standard exim4_4.94.2-2ubuntu1.debian.tar.xz
Original-Maintainer: Exim4 Maintainers <pkg-exim4-maintainers at lists.alioth.debian.org>
More information about the impish-changes
mailing list