Format: 1.8
Date: Fri, 12 Apr 2024 11:03:05 -0400
Source: amavisd-new
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.13.0-3ubuntu1.1
Distribution: mantic-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Changes:
 amavisd-new (1:2.13.0-3ubuntu1.1) mantic-security; urgency=medium
 .
   * SECURITY UPDATE: incorrect check via multiple boundary parameters
     - debian/patches/CVE-2024-28054-1.patch: add CC_UNCHECKED,3 content
       category in conf/amavisd.conf, lib/Amavis.pm, lib/Amavis/Conf.pm,
       lib/Amavis/Unpackers.pm, lib/Amavis/Unpackers/MIME.pm,
       lib/Amavis/Unpackers/Part.pm, t/Amavis/Unpackers/MIMETest.pm.
     - debian/patches/CVE-2024-28054-2.patch: use
       MIME::Entity->ambiguous_content if available in .gitlab-ci.yml,
       lib/Amavis/Unpackers/MIME.pm.
     - debian/patches/CVE-2024-28054-3.patch: describe CVE-2024-28054 in
       README_FILES/README.CVE-2024-28054.
     - CVE-2024-28054
Checksums-Sha1:
 9dc85ca235c0039f9d13d3cccdd96a18dd5c6181 2456 amavisd-new_2.13.0-3ubuntu1.1.dsc
 578130ee426526e3f6bfa2fc544560897fbddca6 81776 amavisd-new_2.13.0-3ubuntu1.1.debian.tar.xz
 9679381d5edd58a0619ddb8644c3b1e6f4d56dde 12995 amavisd-new_2.13.0-3ubuntu1.1_source.buildinfo
Checksums-Sha256:
 fb91480629bab78b6768ae023435695c797eaa3f2b564e5527a0ab2b06a54fdd 2456 amavisd-new_2.13.0-3ubuntu1.1.dsc
 2cf24d6eadcda8761cefb79535c4c8914b85ef8919a3f5dae18ae8754c1a09a9 81776 amavisd-new_2.13.0-3ubuntu1.1.debian.tar.xz
 d4310d642532712eed785f05ad26b2c8e64ba1a4ba032a0b352678bf4fee729d 12995 amavisd-new_2.13.0-3ubuntu1.1_source.buildinfo
Files:
 c26f32c3760c1c303a44ac7cb6c474fb 2456 mail optional amavisd-new_2.13.0-3ubuntu1.1.dsc
 0f494e3a2a32f0b71d9a4e11664987c0 81776 mail optional amavisd-new_2.13.0-3ubuntu1.1.debian.tar.xz
 0512ec08e597f5d152bbe6088ba80408 12995 mail optional amavisd-new_2.13.0-3ubuntu1.1_source.buildinfo
Original-Maintainer: Brian May <bam@debian.org>