exim4 4.97-3 source package in Debian
Changelog
exim4 (4.97-3) unstable; urgency=medium
* Fixes from upstream GIT master:
77_01-Reject-dot-LF-as-ending-data-phase.-Bug-3063.patch
77_02-Use-enum-for-body-data-input-state-machine.patch
77_03-Reject-dot-LF-as-ending-data-phase-pt.-2-.-Bug-3063.patch
+ Enforce a data synch check before emitting the 354 "go ahead".
Previously this was only done if a pre-data ACL was configured.
+ Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
LF-only mode (as detected from the first header line). Previously we
did accept that in (normal) CRLF mode; this has been raised as a
possible attack scenario (under the name "smtp smuggling").
Closes: #1059387 CVE-2023-51766
-- Andreas Metzler <email address hidden> Mon, 25 Dec 2023 07:50:16 +0100
Upload details
- Uploaded by:
- Exim4 Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Exim4 Maintainers
- Architectures:
- any all
- Section:
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| exim4_4.97-3.dsc | 2.8 KiB | 6b96dd15c02b37a991b794a8cca10c40306960a429f81e0e9e01eade1e15b522 |
| exim4_4.97.orig.tar.xz | 1.8 MiB | 428150e67c494fa14fe5195d81b972c1b23e651ee4f9f2ff1788250266d31e9c |
| exim4_4.97.orig.tar.xz.asc | 508 bytes | 9f2f74d63c897be3c689bbc2e73c67c815f809b2776b03e5baaaae1598d6b946 |
| exim4_4.97-3.debian.tar.xz | 462.3 KiB | f9ae0a29683c13eb946438ca144217099fb3b13f14de22247b3d08d5c9a18f76 |
No changes file available.
