Received: (at 579-done) by bugs.devuan.org; 10 May 2021 17:40:04 +0000
Date: Mon, 10 May 2021 18:31:17 +0100
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Re: bug#579: Security: Please update exim on beowulf

On Sun, May 09, 2021 at 09:59:55AM +0200, Klaus Ethgen wrote:
> Package: exim4
> Version: 4.92-8+deb10u5
> Severity: critical
> Tags: security
>
> Please update exim4 to 4.92-8+deb10u6 on beowulf as already in debian.

Bad amprolla merge is now fixed (thanks rrq) and the updated exim4 packages are
available in the archive.

Closing.

Mark

Received: (at 579) by bugs.devuan.org; 10 May 2021 17:30:03 +0000
Date: Mon, 10 May 2021 18:16:06 +0100
From: Mark Hindley <[email protected]>
To: Klaus Ethgen <[email protected]>, [email protected]
Subject: Re: bug#579: Security: Please update exim on beowulf

Control: reassign -1 amprolla

This is an amprolla issue. Reassigning.

Mark

Received: (at submit) by bugs.devuan.org; 9 May 2021 08:10:03 +0000
Date: Sun, 9 May 2021 09:59:55 +0200
From: Klaus Ethgen <[email protected]>
To: Devuan Bug Tracking System <[email protected]>
Subject: Security: Please update exim on beowulf
X-Reportbug-Version: 7.10.3+devuan1

Package: exim4
Version: 4.92-8+deb10u5
Severity: critical
Tags: security

Please update exim4 to 4.92-8+deb10u6 on beowulf as already in debian.

Version 4.92-8+deb10u5 has several severe security bugs which are fixed in
4.92-8+deb10u6.

* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28015 and CVE-2020-28021: New-line injection into spool header file.
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation, clobbering, and deletion.

-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 3 (beowulf)
Codename: beowulf
Architecture: x86_64

Regards
Klaus

--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.
Devuan Bugs Owner <[email protected]>.
Last modified:
Thu, 28 Nov 2024 06:39:01 UTC