[ubuntu/noble-proposed] exim4 4.97-3ubuntu1 (Accepted)

Bryce Harrington bryce at canonical.com
Sat Jan 6 14:28:10 UTC 2024 

exim4 (4.97-3ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2040379). Remaining changes:
    - Show Ubuntu distribution in SMTP banner
      + d/p/fix_smtp_banner.patch: Show Ubuntu distribution
        in SMTP banner.
      + d/control: Build-Depends on lsb-release to detect Distribution.
     - Disable external SPF support to avoid Build-Depends on libspf2-dev
       (only available in universe). SPF can still be implemented via
       spf-tools-perl, as documented in exim4.conf.template. This reverts
       Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
       (LP #1952738)
       + d/control: drop Build-Depends on libspf2-dev.
       + d/EDITME.exim4-heavy.diff: disable support for libspf2.
       + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
         on spfquery.mail-spf-perl from spf-tools-perl, but without
         the previously supported helo detection.
  * Dropped:
    - information disclosure
      + d/p/CVE-2023-42114.patch: fix possible OOB read in
        SPA authenticator
      [Included in 4.97~RC1-2]
    - remote code execution
      + d/p/CVE-2023-42115.patch: fix possible OOB write in
        external authenticator
      [Included in 4.97~RC1-2]
    - remote code execution
      + d/p/CVE-2023-42116.patch: fix possible OOB write in
        SPA authenticator
      [Included in 4.97~RC1-2]
    - d/p/CVE-2023-42114_15_16.patch:
      + use uschar more in spa authenticator
      [Included in 4.97~RC1-2]
    - remote code execution
      + d/p/CVE-2023-42117.patch: fixed string_is_ip_address()
        in string.c
    - information disclosure
      + d/p/CVE-2023-42119.patch: hardened dnsdb.c against
        crafted DNS responses.
      [Included in upstream release 4.97]

Date: Wed, 03 Jan 2024 12:58:30 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/exim4/4.97-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 03 Jan 2024 12:58:30 -0800
Source: exim4
Built-For-Profiles: noudeb
Architecture: source
Version: 4.97-3ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Launchpad-Bugs-Fixed: 2040379
Changes:
 exim4 (4.97-3ubuntu1) noble; urgency=medium
 .
   * Merge with Debian unstable (LP: #2040379). Remaining changes:
     - Show Ubuntu distribution in SMTP banner
       + d/p/fix_smtp_banner.patch: Show Ubuntu distribution
         in SMTP banner.
       + d/control: Build-Depends on lsb-release to detect Distribution.
      - Disable external SPF support to avoid Build-Depends on libspf2-dev
        (only available in universe). SPF can still be implemented via
        spf-tools-perl, as documented in exim4.conf.template. This reverts
        Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
        (LP #1952738)
        + d/control: drop Build-Depends on libspf2-dev.
        + d/EDITME.exim4-heavy.diff: disable support for libspf2.
        + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
          on spfquery.mail-spf-perl from spf-tools-perl, but without
          the previously supported helo detection.
   * Dropped:
     - information disclosure
       + d/p/CVE-2023-42114.patch: fix possible OOB read in
         SPA authenticator
       [Included in 4.97~RC1-2]
     - remote code execution
       + d/p/CVE-2023-42115.patch: fix possible OOB write in
         external authenticator
       [Included in 4.97~RC1-2]
     - remote code execution
       + d/p/CVE-2023-42116.patch: fix possible OOB write in
         SPA authenticator
       [Included in 4.97~RC1-2]
     - d/p/CVE-2023-42114_15_16.patch:
       + use uschar more in spa authenticator
       [Included in 4.97~RC1-2]
     - remote code execution
       + d/p/CVE-2023-42117.patch: fixed string_is_ip_address()
         in string.c
     - information disclosure
       + d/p/CVE-2023-42119.patch: hardened dnsdb.c against
         crafted DNS responses.
       [Included in upstream release 4.97]
Checksums-Sha1:
 fe8f80e5c7109e419c6f91643abad77027ffacf3 2783 exim4_4.97-3ubuntu1.dsc
 6af4c20a5af9448c08413597ea31807585ebd499 1909536 exim4_4.97.orig.tar.xz
 c49b443ebc84e21837c092984d940bbbcc768094 479524 exim4_4.97-3ubuntu1.debian.tar.xz
 8e60aa2e193fc883816846970d09a758705111d3 9116 exim4_4.97-3ubuntu1_source.buildinfo
Checksums-Sha256:
 4c890c7bc50eeee921eb87d605d7de2537c6999e785a1c3c0d0a23489c044e7a 2783 exim4_4.97-3ubuntu1.dsc
 428150e67c494fa14fe5195d81b972c1b23e651ee4f9f2ff1788250266d31e9c 1909536 exim4_4.97.orig.tar.xz
 b0f4d36380262b650917123b08ca79ea9c94d74cc8cf5dcacab169c477618563 479524 exim4_4.97-3ubuntu1.debian.tar.xz
 43ace232aea3e37b1830d353ef1be6acf5d1f900ba2a95e3d9f5501b748633cb 9116 exim4_4.97-3ubuntu1_source.buildinfo
Files:
 1ce7327d0ed1f2c12b5ffd0703ec3aa0 2783 mail standard exim4_4.97-3ubuntu1.dsc
 dba384773ac0b7423927051bf3a6dad8 1909536 mail standard exim4_4.97.orig.tar.xz
 7265c9db9b87e08281932c4191a50f33 479524 mail standard exim4_4.97-3ubuntu1.debian.tar.xz
 5ced0452fbe276da245089ea5299ad52 9116 mail standard exim4_4.97-3ubuntu1_source.buildinfo
Original-Maintainer: Exim4 Maintainers <pkg-exim4-maintainers at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/exim4
Vcs-Git-Commit: 8495161f9927c1af9c2b75353592baa167213ddb
Vcs-Git-Ref: refs/heads/merge-v4.97-3-noble

More information about the noble-changes mailing list