Change logs for exim4 source package in Trusty

  • exim4 (4.82-3ubuntu2.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Buffer overflow in base64d()
        - debian/patches/CVE-2018-6789.patch: fix overflow in
          src/auths/b64decode.c.
        - CVE-2018-6789
    
     -- Marc Deslauriers <email address hidden>  Sat, 10 Feb 2018 14:19:43 -0500
  • exim4 (4.82-3ubuntu2.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: memory leak
        - debian/patches/CVE-2017-1000368.patch: free -p argument if
          allocation was required.
        - CVE-2017-1000368
    
     -- Steve Beattie <email address hidden>  Fri, 02 Jun 2017 22:44:35 -0700
  • exim4 (4.82-3ubuntu2.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: DKIM information leakage
        - debian/patches/CVE-2016-9963.patch: fix information leakage in
          src/dkim.c, src/transports/smtp.c.
        - CVE-2016-9963
    
     -- Marc Deslauriers <email address hidden>  Thu, 05 Jan 2017 08:31:06 -0500
  • exim4 (4.82-3ubuntu2.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: privilege escalation via crafted lookup value
        - debian/patches/CVE-2014-2972.patch: only expand integers for integer
          math once.
        - CVE-2014-2972
      * SECURITY UPDATE: privilege escalation when used with perl_startup
        - debian/patches/CVE-2016-1531.patch: add new add_environment and
          keep_environment configuration options.
        - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
          is empty.
        - debian/patches/CVE-2016-1531-3.patch: store the initial working
          directory, expand $initial_cwd.
        - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
          the main config.
        - Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the
          new options. Set "keep_environment =" by default to avoid a runtime
          warning.
        - Bump exim4-config Breaks to exim4-daemon-* (<< 4.82-3ubuntu2.1).
        - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
        - CVE-2016-1531
      * WARNING: This update may break existing installations.
    
     -- Marc Deslauriers <email address hidden>  Mon, 14 Mar 2016 12:57:00 -0400
  • exim4 (4.82-3ubuntu2) trusty; urgency=medium
    
      * debian/tests/control: Add missing python test dependency, as
        debian/tests/security calls python.
     -- Martin Pitt <email address hidden>   Tue, 25 Feb 2014 17:33:13 +0100
  • exim4 (4.82-3ubuntu1) trusty; urgency=low
    
      * Merge from Debian unstable (LP: #1259620). Remaining changes:
        - Show Ubuntu distribution on smtp:
          + debian/patches/fix_smtp_banner.patch: updated SMTP banner
            with Ubuntu distribution
          + debian/control: added lsb-release build dependency
        - Don't provide default-mta; in Ubuntu, we want postfix to be the
          default.
        - Build-depend on db5.3.
    
    exim4 (4.82-3) unstable; urgency=low
    
      * Upload to unstable.
    
    exim4 (4.82-2) experimental; urgency=low
    
      * Pull two post-release fixes from upstream git master:
        + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind
          succeeded.
        + 77_close-the-server-side-of-TLS.diff - Correctly close the server side
          of TLS when forking for delivery.
      * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See
        <http://mid.gmane.org/20131029200309.GA277075%40zedat.fu-berlin.de>.
    
    exim4 (4.82-1) experimental; urgency=low
    
      * New upstream stable release.
      * Drop exim4-config_files.5 symlinks for local_host_whitelist and
        local_sender_whitelist, add symlinks for host_local_deny_exceptions and
        sender_local_deny_exceptions instead. Closes: #661365
    
    exim4 (4.82~rc5-1) experimental; urgency=low
    
      * New upstream version.
    
    exim4 (4.82~rc3-1) experimental; urgency=low
    
      * New upstream version.
        + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard
          Hall.
        + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors
          looking up a hostname or reverse DNS when processing a host list. Used
          suggestions from multiple comments on this bug.
        + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
      * Add macros for sending a client certificate on outgoing TLS connections.
        (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY,
        REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY)
        Closes: #677826
    
    exim4 (4.82~rc2-1) experimental; urgency=low
    
      * exim-gencert: Generate 2048bit key by default. LP: #1200581
      * New upstream version.
        + Drop 80_addmanuallybuiltdocs.diff
    
    exim4 (4.82~rc1-1) experimental; urgency=low
    
      * New upstream version.
        + TL/02 Add +smtp_confirmation as a default logging option.
          Closes: #649600
        + JH/05 Permit multiple router/transport headers_add/remove lines.
          Closes: #276126
        + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added
          features.
      * Upload to experimental.
      * Drop unnecessary patches (30_dontoverridecflags.dpatch
        75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff
        78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff
        86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches.
      * Applying upstream's default configuration updates to Debian configuration
        change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher
        instead of tls_out_cipher. - exim4-config therefore Breaks
        exim daemon << 4.82~rc1.
      * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt
        and spec.txt, replace these with correct handbuilt versions.
     -- Yolanda Robla <email address hidden>   Tue, 10 Dec 2013 17:07:20 +0000
  • exim4 (4.80-9ubuntu2) trusty; urgency=low
    
      * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
     -- Dmitrijs Ledkovs <email address hidden>   Mon, 04 Nov 2013 12:14:54 +0000
  • exim4 (4.80-9ubuntu1) trusty; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Don't provide default-mta; in Ubuntu, we want postfix to be the
          default.
        - Add "Ubuntu" to SMTP banner.
    
    exim4 (4.80-9) unstable; urgency=low
    
      * Upload to unstable.
    
    exim4 (4.80-8) experimental; urgency=low
    
      * Import updated watchfile by Bart Martens. (Handles more compression types
        and x.y.revision versioning.)
      * In initscript invoke pidofproc with a pathname argument as it is
        documented in LSB and required by lsb-base (>= 4.1+Debian9).
        Closes: #693696, #718871
      * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable
        items in host lists. Closes: #627988
      * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to
        invoking exiwhat directly and throws an error message, too. (Thanks Regid
        Ichira for the diagnosis.) Closes: #643720
      * Set "host_find_failed = ignore" (instead of defer) on smarthost and
        hub_user_smarthost router. Now if one (of the possibly multiple) listed
        smarthosts is not resolvable (NXDOMAIN) ignores it and tries the next
        listed one. If all listed hosts are unresolvable the mail is still
        deferred, since host_all_ignored is set to defer by default. Therefore the
        behavior does not change for single-smarthost systems. Closes: #658878
      * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only
        shipped in 4.69-3. Closes: #689334
      * Update exim_db.8, syncing against spec.txt from exim 4.80.
      * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message
        locally in non-SMTP mode, and with MIME ACLs configured, if the ACL
        rejected the message, Exim would try to `fprintf(NULL, "%s",
        the_message)`. This fixes that.
      * [lintian] Escape some dashes in exim4-config_files.5.
      * Point vcs-* to anonscm.
      * Remove pidfile after stopping the daemon, exim does not remove it itself.
        Closes: #702988
      * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian
        (without either .html or .gz suffix). Closes: #394975
      * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer)
        Closes: #710018
        + tests/CVE-2010-4344.py is GPLv2 - Add license header.
        + tests/daemon and tests/security do not use bashisms, change shebang
          to /bin/sh.
      * Upload to experimental, due to perl transition.
     -- Colin Watson <email address hidden>   Mon, 28 Oct 2013 11:55:21 -0700
  • exim4 (4.80-7ubuntu4) trusty; urgency=low
    
      * Rebuild for Perl 5.18.
     -- Colin Watson <email address hidden>   Wed, 23 Oct 2013 10:24:08 +0100
  • exim4 (4.80-7ubuntu3) saucy; urgency=low
    
      * debian/patches/fix_smtp_banner.patch: updated SMTP banner
        with Ubuntu distribution
      * debian/control: added lsb-release build dependency
     -- Yolanda Robla <email address hidden>   Tue, 18 Jun 2013 19:17:43 +0200