[ubuntu/wily-updates] exim4 4.86-3ubuntu1.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 15 12:58:31 UTC 2016


exim4 (4.86-3ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: privilege escalation when used with perl_startup
    - debian/patches/CVE-2016-1531.patch: add new add_environment and
      keep_environment configuration options. 
    - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
      is empty.
    - debian/patches/CVE-2016-1531-3.patch: store the initial working
      directory, expand $initial_cwd.
    - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
      the main config.
    - Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the
      new options. Set "keep_environment =" by default to avoid a runtime
      warning.
    - Bump exim4-config Breaks to exim4-daemon-* (<< 4.86-3ubuntu1.1).
    - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
    - CVE-2016-1531
  * WARNING: This update may break existing installations.

Date: 2016-03-14 18:17:13.308948+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/exim4/4.86-3ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Wily-changes mailing list