exim4 4.94.2-2ubuntu1 source package in Ubuntu
Changelog
exim4 (4.94.2-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
* Dropped changes:
- debian/patches/sec-202105/*.patch: backport patches from upstream to
correct issues.
[Included in 4.94.2-1]
exim4 (4.94.2-2) unstable; urgency=medium
* Updates from exim-4.94.2+fixes:
+ 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes).
Fix broken SNI/DANE handling.
+ 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator. Previously, any
trailing line text was dropped, making it unusable in complex
expressions.
+ 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with
logging to syslog. See 988086.
exim4 (4.94.2-1) unstable; urgency=high
* New upstream security release.
+ Release based on +fixes branch, drop 74_*diff.
+ Unfuzz 75_04-acl.patch.
+ Merge in upstream configuration change rejecting all RCPT commands after
too many (more than five out of the initial ten) bad recipients. Can be
disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Update debian/upstream/signing-key.asc from
<https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.
exim4 (4.94-19) unstable; urgency=medium
* Further updates from heiko/exim-4.94+fixes+taintwarn:
+ 75_24-Silence-the-compiler.patch
+ 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
* Upload to unstable.
exim4 (4.94-18) experimental; urgency=medium
* Pull patches to temporarily add an option to turn taint errors into
warnings. (See #987133)
+ 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
+ 75_02-search.patch
+ 75_03-dbstuff.patch
+ 75_04-acl.patch
+ 75_05-parse.patch
+ 75_06-rda.patch
+ 75_07-appendfile.patch
+ 75_08-autoreply.patch
+ 75_09-pipe.patch
+ 75_10-deliver.patch
+ 75_11-directory.patch
+ 75_12-expand.patch
+ 75_13-lf_sqlperform.patch
+ 75_14-rf_get_transport.patch
+ 75_15-deliver.patch
+ 75_16-smtp_out.patch
+ 75_17-smtp.patch
+ 75_18-update-doc.patch
+ 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
+ 75_21-tidy-log.c.patch
+ 75_22-Silence-compiler.patch
+ 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
* Update NEWS.Debian to describe the feature.
exim4 (4.94-17) unstable; urgency=medium
* Let exim4-config Recommend ca-certificates, needed for certificate
verification.
exim4 (4.94-16) unstable; urgency=medium
* README.Debian: Fix typo "tls_verify_certificate" instead of
"tls_verify_certificates".
* General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244
* Intensify upgrade warning in NEWS file.
* Enforce certificate verification against the system trust store in the
remote SMTP transport by default by setting
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344
* Update from exim-4.94+fixes:
+ 74_56-Fix-FreeBSD-13-build.patch
+ 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch
+ 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch
+ 74_59-Fix-build-for-platforms-not-having-ulong.patch
+ 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch
+ 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch
+ 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch
-- Utkarsh Gupta <email address hidden> Tue, 11 May 2021 18:25:10 +0530
Upload details
- Uploaded by:
- Utkarsh Gupta
- Sponsored by:
- Robie Basak
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| exim4_4.94.2.orig.tar.xz | 1.8 MiB | 051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274 |
| exim4_4.94.2-2ubuntu1.debian.tar.xz | 473.2 KiB | 0f7d0476f3909cc9d629ee6ff044ac8a6c295f86cce9fc051450656da0ed05cf |
| exim4_4.94.2-2ubuntu1.dsc | 2.7 KiB | 979f4b77886e9bdb87c84f2565ad07ecdc9e9d88caa73e3964037389978c74d9 |
Available diffs
Binary packages built by this source
- exim4: No summary available for exim4 in ubuntu impish.
No description available for exim4 in ubuntu impish.
- exim4-base: No summary available for exim4-base in ubuntu impish.
No description available for exim4-base in ubuntu impish.
- exim4-base-dbgsym: No summary available for exim4-base-dbgsym in ubuntu impish.
No description available for exim4-base-dbgsym in ubuntu impish.
- exim4-config: No summary available for exim4-config in ubuntu impish.
No description available for exim4-config in ubuntu impish.
- exim4-daemon-heavy: No summary available for exim4-daemon-heavy in ubuntu impish.
No description available for exim4-daemon-heavy in ubuntu impish.
- exim4-daemon-heavy-dbgsym: No summary available for exim4-daemon-heavy-dbgsym in ubuntu impish.
No description available for exim4-daemon-
heavy-dbgsym in ubuntu impish.
- exim4-daemon-light: No summary available for exim4-daemon-light in ubuntu impish.
No description available for exim4-daemon-light in ubuntu impish.
- exim4-daemon-light-dbgsym: No summary available for exim4-daemon-light-dbgsym in ubuntu impish.
No description available for exim4-daemon-
light-dbgsym in ubuntu impish.
- exim4-dev: No summary available for exim4-dev in ubuntu impish.
No description available for exim4-dev in ubuntu impish.
- eximon4: No summary available for eximon4 in ubuntu impish.
No description available for eximon4 in ubuntu impish.
- eximon4-dbgsym: No summary available for eximon4-dbgsym in ubuntu impish.
No description available for eximon4-dbgsym in ubuntu impish.
