-
exim4 (4.95-4ubuntu2.5) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling
- debian/patches/CVE-2023-51766-1.patch: Reject "dot, LF" as
ending data phase in src/receive.c, src/smtp_in.c.
- debian/patches/CVE-2023-51766-2.patch: use enum for body data
input state-machine in src/receive.c.
- debian/patches/CVE-2023-51766-3.patch: fix in src/receive.c.
- CVE-2023-51766
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 11 Jan 2024 10:16:58 -0300
-
exim4 (4.95-4ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
in string.c
- CVE-2023-42117
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
crafted DNS responses.
- CVE-2023-42119
-- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:36:57 +0100
-
exim4 (4.95-4ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42114.patch: fix possible OOB read in
SPA authenticator
- CVE-2023-42114
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42115.patch: fix possible OOB write in
external authenticator
- CVE-2023-42115
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42116.patch: fix possible OOB write in
SPA authenticator
- CVE-2023-42116
* debian/patches/CVE-2023-42114_15_16.patch:
- use uschar more in spa authenticator
-- Allen Huang <email address hidden> Mon, 02 Oct 2023 17:10:42 +0100
-
exim4 (4.95-4ubuntu2.2) jammy-security; urgency=medium
* SECURITY UPDATE: use after free in regex handler
- debian/patches/CVE-2022-3559-1.patch: properly clear references in
src/exim.c, src/expand.c, src/functions.h, src/globals.c,
src/regex.c, src/smtp_in.c.
- debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
in src/exim.c, src/regex.c.
- debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
src/smtp_in.c.
- debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
in src/expand.c.
- CVE-2022-3559
-- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:53:26 -0500
-
exim4 (4.95-4ubuntu2.1) jammy; urgency=medium
* d/p/lp1974214-segfault-smtp-delivery-0{1,2}.patch: Fix segfault when
there's an SMTP delivery attempt following a deferral. (LP: #1974214)
-- Sergio Durigan Junior <email address hidden> Fri, 03 Jun 2022 17:51:15 -0400
-
exim4 (4.95-4ubuntu2) jammy; urgency=medium
* d/p/lp1966923-exiqgrep-syntax-error.patch: Fix exiqgrep syntax error,
improve the validation of command-line options and add a new -E option
to allow specifying a binary to be used. (LP: #1966923)
-- Sergio Durigan Junior <email address hidden> Wed, 30 Mar 2022 16:45:24 -0400
-
exim4 (4.95-4ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. (LP #1952738)
This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
Changes:
+ d/control: drop Build-Depends on libspf2-dev.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
-- Utkarsh Gupta <email address hidden> Fri, 25 Feb 2022 01:47:15 +0530
-
exim4 (4.95-2ubuntu3) jammy; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <email address hidden> Sun, 06 Feb 2022 14:52:48 +0100
-
exim4 (4.95-2ubuntu2) jammy; urgency=medium
* New delta:
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. (LP: #1952738)
This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
Changes:
+ d/control: drop Build-Depends on libspf2-dev.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
-- Paride Legovini <email address hidden> Wed, 01 Dec 2021 11:48:10 +0100
-
exim4 (4.95-2ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946857). Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
-- Lena Voytek <email address hidden> Tue, 09 Nov 2021 10:10:14 -0700
-
exim4 (4.94.2-7ubuntu3) jammy; urgency=medium
* No-change rebuild against libidn12
-- Steve Langasek <email address hidden> Sun, 07 Nov 2021 05:31:31 +0000
-
exim4 (4.94.2-7ubuntu2) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
-- Miriam Espana Acebal <email address hidden> Thu, 15 Jul 2021 13:23:50 +0200