exim4 4.93-13ubuntu1.8 source package in Ubuntu

Changelog

exim4 (4.93-13ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure
    - debian/patches/CVE-2023-42114.patch: fix possible OOB read in
      SPA authenticator
    - CVE-2023-42114
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42115.patch: fix possible OOB write in
      external authenticator
    - CVE-2023-42115
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42116.patch: fix possible OOB write in
      SPA authenticator
    - CVE-2023-42116
  * debian/patches/CVE-2023-42114_15_16.patch:
    - use uschar more in spa authenticator

 -- Allen Huang <email address hidden>  Mon, 02 Oct 2023 17:21:29 +0100

Upload details

Uploaded by:
Allen Huang
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
mail
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates main mail
Focal security main mail

Downloads

File Size SHA-256 Checksum
exim4_4.93.orig.tar.xz 1.7 MiB 68213201b5d5900b0e1481860df0ec7c0bf1212a716fe1f0493b16649c5b4d81
exim4_4.93-13ubuntu1.8.debian.tar.xz 531.6 KiB 8d133ad8585bc6c902b2223221ec37d3ed3eb544e82571ca0ccca4b5baff5deb
exim4_4.93-13ubuntu1.8.dsc 2.7 KiB 2e031bfc7b15f20bb9ff988e170feb951d6002f5f9403e0cc65c7a9351a0bec6

View changes file

Binary packages built by this source

exim4: metapackage to ease Exim MTA (v4) installation

 Exim (v4) is a mail transport agent. exim4 is the metapackage depending
 on the essential components for a basic exim4 installation.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base: support files for all Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. exim4-base provides the support
 files needed by all exim4 daemon packages. You need an additional package
 containing the main executable. The available packages are:
 .
  exim4-daemon-light
  exim4-daemon-heavy
 .
 If you build exim4 from the source package locally, you can also
 build an exim4-daemon-custom package tailored to your own feature set.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base-dbgsym: debug symbols for exim4-base
exim4-config: configuration for the Exim MTA (v4)

 Exim (v4) is a mail transport agent. exim4-config provides the configuration
 for the exim4 daemon packages. The configuration framework has been split
 off the main package to allow sites to replace the configuration scheme
 with their own without having to change the actual exim4 packages.
 .
 Sites with special configuration needs (having a lot of identically
 configured machines for example) can use this to distribute their own
 custom configuration via the packaging system, using the magic
 available with dpkg's conffile handling, without having to do local
 changes on all of these machines.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy: Exim MTA (v4) daemon with extended features, including exiscan-acl

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with extended features. In addition to the features already
 supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
 sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
 embedded Perl interpreter, and the content scanning extension
 (formerly known as "exiscan-acl") for integration of virus scanners
 and spamassassin.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy-dbgsym: debug symbols for exim4-daemon-heavy
exim4-daemon-light: lightweight Exim MTA (v4) daemon

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with only basic features enabled. It works well with the
 standard setups that are provided by Debian and includes support for
 TLS encryption and the dlopen patch to allow dynamic loading of a
 local_scan function.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-light-dbgsym: debug symbols for exim4-daemon-light
exim4-dev: header files for the Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. This package contains header
 files that can be used to compile code that is then dynamically linked
 to exim's local_scan interface.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

eximon4: monitor application for the Exim MTA (v4) (X11 interface)

 Eximon is a helper program for the Exim MTA (v4). It allows
 administrators to view the mail queue and logs, and perform a variety
 of actions on queued messages, such as freezing, bouncing and thawing
 messages.

eximon4-dbgsym: debug symbols for eximon4