-
exim4 (4.74-1ubuntu1.3) natty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via DNS decode logic
- debian/patches/CVE-2012-5671.patch: adjust max length and validate
against it in src/pdkim/pdkim.h, src/dkim.c.
- CVE-2012-5671
-- Marc Deslauriers <email address hidden> Thu, 25 Oct 2012 08:29:01 -0400
-
exim4 (4.74-1ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via DKIM identities
- debian/patches/86_CVE-2011-1407.patch: don't use match_isinlist() for
simple string list matching in src/receive.c.
- CVE-2011-1407
-- Marc Deslauriers <email address hidden> Tue, 24 May 2011 15:42:30 -0400
-
exim4 (4.74-1ubuntu1.1) natty-security; urgency=low
* SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764
-- Felix Geyer <email address hidden> Sun, 08 May 2011 15:31:05 +0200
-
exim4 (4.74-1ubuntu1) natty; urgency=low
* Merge from debian experimental. Remaining changes: (LP: #713855)
- debian/patches/71_exiq_grep_error_on_messages_without_size.patch:
+ Improve handling of broken messages when "exim4 -bp" (mailq)
reports lines without size info. (Closes: #528625)
- debian/control: Don't declare a Provides: default-mta; in Ubuntu,
we want postfix to be the default.
- debian/{control,rules}: Add and enable hardened build for PIE.
(Closes: #542726)
* Update 71_exiq_grep_error_on_messages_without_size.patch to get the way
in which upstream has fixed it. Probably it can be dropped with the next
upstream release.
* This upload fixes CVE: (LP: #708023)
- CVE-2011-0017
exim4 (4.74-1) experimental; urgency=low
* 4.74 release, should build on hurd again.
* Fix some lintian --pedantic issues: copyright-refers-to-symlink-license
maintainer-script-without-set-e debian-control-has-unusual-field-spacing
exim4 (4.74~rc2-1) experimental; urgency=low
* In spf example use spf-tools-perl's spfquery instead of the one from
libmail-spf-query-perl. Do not try to use unimplemented best-guess
support. Update Suggests accordingly. Closes: #608336
* Add headers in ACL by using the add_header modifier instead of "message".
(This modifier has been available since 4.61.) Closes: #609308
* New upstream version.
+ includes the fix for CVE-2011-0017
+ If a non-debug daemon was invoked with a non-whitelisted macro, then
logs from after attempting delivery would be silently lost, including
for successful delivery. This log-loss bug was introduced in 4.73
as part of the security lockdown. Closes: #610611
+ Update some patches.
-- Artur Rona <email address hidden> Wed, 09 Feb 2011 21:31:35 +0100
-
exim4 (4.73~rc1-1ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes: (LP: #697934)
- debian/patches/71_exiq_grep_error_on_messages_without_size.patch:
+ Improve handling of broken messages when "exim4 -bp" (mailq)
reports lines without size info.
- debian/control: Don't declare a Provides: default-mta; in Ubuntu,
we want postfix to be the default.
- debian/{control,rules}: Add and enable hardened build for PIE.
(Closes: #542726)
* Drop B-D on libmysqlclient15-dev, resolved in Debian.
-- Artur Rona <email address hidden> Tue, 28 Dec 2010 22:20:17 +0100
-
exim4 (4.72-2ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes: (LP: #671615)
- debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch:
Improve handling of broken messages when "exim4 -bp" (mailq) reports
lines without size info.
- Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be
the default.
- debian/control: Change build dependencies to MySQL 5.1.
- debian/{control,rules}: add and enable hardened build for PIE
(Closes: #542726).
exim4 (4.72-2) unstable; urgency=low
[ Marc Haber ]
* Apply patch to Russian (ru) debconf template, thanks to Тим
Алексеевский and Tim Alexeevsky. Closes: #576202
* fix exim4-config_files man page, mention
{host|sender}_local_deny_exceptions instead of
local_{host|sender}_whitelist. Thanks to Fabien André in #578176
* add !acl = acl_local_deny_exceptions to defer stanzas in SPF code.
Thanks to Fabien André. Closes: #578176
* Re-work config.autogenerated header to more exactly reflect
configuration source. (mh) Closes: #593984
[ Andreas Metzler ]
* Fix getopt invocation to make update-exim4.conf.template -o work. (Thank
you Matthew W. S. Bell) Closes: #590333
* 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging
non-critical DKIM errors in paniclog. Closes: #567876
* Debconf translations:
- Danish. Closes: #592792
-- Artur Rona <email address hidden> Fri, 05 Nov 2010 21:05:47 +0100
-
exim4 (4.72-1ubuntu1) maverick; urgency=low
* Merge with Debian unstable (LP: #609620). Remaining changes:
+ debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch:
Improve handling of broken messages when "exim4 -bp" (mailq) reports
lines without size info.
+ Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be
the default.
+ debian/control: Change build dependencies to MySQL 5.1.
+ debian/{control,rules}: add and enable hardened build for PIE
(Closes: #542726).
exim4 (4.72-1) unstable; urgency=low
* New upstream release. (Identical to the git snapshot previously
uploaded to experimental.)
exim4 (4.72~20100529-1) experimental; urgency=low
* Git snapshot 20100529.
+ Fix documentation for exipick -bpra. #574778
+ CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp.
(Debian's default configuration does not use MBX format, but the
exim4-daemon-heavy binary supports MBX.)
+ CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory.
(Probably not relevant for Debian systems at all, since the mail spool
is 2775 root:mail.)
+ Dovecot authenticator ignores unknown keywords, making it compatible
with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0).
See Changelog for complete list.
* Drop patches included upstream: 36_typoinexipick.diff
20_PDKIM-Upgrade-PolarSSL.diff.
exim4 (4.71-4) unstable; urgency=low
* Drop unneeded lintian overrides.
+ description-contains-homepage
+ debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg.
+ partially-translated-question
+ maintainer-script-needs-depends-on-update-inetd
+ possible-bashism-in-maintainer-script
+ binary-without-manpage
+ possible-debconf-note-abuse
+ changelog-not-compressed-with-max-compression
* Lintian informational hints:
+ hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5
debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8
* Use dh_lintian.
* Fix sourcing of lsb-functions in init-script. Test for existence of
/usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions.
If they are not present the package's dependencies are not installed.
Bump dependency on lsb-base to 3.0-6. (log_action_*)
* Update reference to spec.txt in README.Debian. Closes: #568051
* Invoke spfquery as spfquery.mail-spf-query-perl. There are three different
implementations of spfquery in Debian, with incompatible commandline
switches and different exit codes. Closes: #573956
-- Artur Rona <email address hidden> Sun, 25 Jul 2010 02:00:42 +0200