Format: 1.8
Date: Fri, 12 Apr 2024 11:03:05 -0400
Source: amavisd-new
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.13.0-3ubuntu2
Distribution: noble-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Changes:
 amavisd-new (1:2.13.0-3ubuntu2) noble-security; urgency=medium
 .
   * SECURITY UPDATE: incorrect check via multiple boundary parameters
     - debian/patches/CVE-2024-28054-1.patch: add CC_UNCHECKED,3 content
       category in conf/amavisd.conf, lib/Amavis.pm, lib/Amavis/Conf.pm,
       lib/Amavis/Unpackers.pm, lib/Amavis/Unpackers/MIME.pm,
       lib/Amavis/Unpackers/Part.pm, t/Amavis/Unpackers/MIMETest.pm.
     - debian/patches/CVE-2024-28054-2.patch: use
       MIME::Entity->ambiguous_content if available in .gitlab-ci.yml,
       lib/Amavis/Unpackers/MIME.pm.
     - debian/patches/CVE-2024-28054-3.patch: describe CVE-2024-28054 in
       README_FILES/README.CVE-2024-28054.
     - CVE-2024-28054
Checksums-Sha1:
 af2601ac42fa3dc64d92b702047fb6910e166705 2448 amavisd-new_2.13.0-3ubuntu2.dsc
 981ef5de15aa982500bbf09c6360c889c1244454 81768 amavisd-new_2.13.0-3ubuntu2.debian.tar.xz
 47ba5eaafac186cbe6d55d687d4485ea8002d9b3 13450 amavisd-new_2.13.0-3ubuntu2_source.buildinfo
Checksums-Sha256:
 afa15f9dabdfa2992a557088ecc27f72a4d4de9e8ca2409cb5c81dc38cb1bfea 2448 amavisd-new_2.13.0-3ubuntu2.dsc
 f76304a043d0d9e5d4c80849922940719e2fd5ff855ced3a78864aa1fa45e501 81768 amavisd-new_2.13.0-3ubuntu2.debian.tar.xz
 025a8d24862c2333e3451a98106c27ba9a47fc0ada7685157160207d7bc8a73c 13450 amavisd-new_2.13.0-3ubuntu2_source.buildinfo
Files:
 25d9ca86b2d3dfdc862b48240e9893e9 2448 mail optional amavisd-new_2.13.0-3ubuntu2.dsc
 d9f2eb42a571ff8b923a3ed91ae8220b 81768 mail optional amavisd-new_2.13.0-3ubuntu2.debian.tar.xz
 96c3751911ef647574814774ad181191 13450 mail optional amavisd-new_2.13.0-3ubuntu2_source.buildinfo
Original-Maintainer: Brian May <bam@debian.org>