-
exim4 (4.97-4ubuntu4) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 18:12:56 +0000
-
exim4 (4.97-4ubuntu3) noble; urgency=medium
* No-change rebuild against libperl5.38t64
-- Steve Langasek <email address hidden> Sat, 09 Mar 2024 18:19:06 +0000
-
exim4 (4.97-4ubuntu2) noble; urgency=medium
* No-change rebuild against libdb5.3t64
-- Steve Langasek <email address hidden> Sat, 02 Mar 2024 20:31:24 +0000
-
exim4 (4.97-4ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2051408). Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ d/control: Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. This reverts
Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
(LP #1952738)
+ d/control: drop Build-Depends on libspf2-dev.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl, but without
the previously supported helo detection.
-- Bryce Harrington <email address hidden> Fri, 26 Jan 2024 17:11:37 -0800
-
exim4 (4.97-3ubuntu2) noble; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <email address hidden> Thu, 11 Jan 2024 04:29:22 +0100
-
exim4 (4.97-3ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2040379). Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ d/control: Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. This reverts
Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
(LP #1952738)
+ d/control: drop Build-Depends on libspf2-dev.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl, but without
the previously supported helo detection.
* Dropped:
- information disclosure
+ d/p/CVE-2023-42114.patch: fix possible OOB read in
SPA authenticator
[Included in 4.97~RC1-2]
- remote code execution
+ d/p/CVE-2023-42115.patch: fix possible OOB write in
external authenticator
[Included in 4.97~RC1-2]
- remote code execution
+ d/p/CVE-2023-42116.patch: fix possible OOB write in
SPA authenticator
[Included in 4.97~RC1-2]
- d/p/CVE-2023-42114_15_16.patch:
+ use uschar more in spa authenticator
[Included in 4.97~RC1-2]
- remote code execution
+ d/p/CVE-2023-42117.patch: fixed string_is_ip_address()
in string.c
- information disclosure
+ d/p/CVE-2023-42119.patch: hardened dnsdb.c against
crafted DNS responses.
[Included in upstream release 4.97]
-- Bryce Harrington <email address hidden> Wed, 03 Jan 2024 12:58:30 -0800
-
exim4 (4.96-17ubuntu2.1) mantic-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
in string.c
- CVE-2023-42117
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
crafted DNS responses.
- CVE-2023-42119
-- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:21:02 +0100
-
exim4 (4.96-17ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42114.patch: fix possible OOB read in
SPA authenticator
- CVE-2023-42114
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42115.patch: fix possible OOB write in
external authenticator
- CVE-2023-42115
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42116.patch: fix possible OOB write in
SPA authenticator
- CVE-2023-42116
* debian/patches/CVE-2023-42114_15_16.patch:
- use uschar more in spa authenticator
-- Allen Huang <email address hidden> Tue, 03 Oct 2023 14:35:45 +0100