-
exim4 (4.86.2-2ubuntu2.6) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2020-12783-*.patch: fix SPA
authenticator, checking client-supplied data before using it
in src/auths/spa.c, src/auths/spa-spa.c.
- CVE-2020-12783
-- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 09:54:21 -0300
-
exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium
* SECURITY UPDATE: remote command execution
- debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
before '\0' in src/string.c
- CVE-2019-15846
-- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930
-
exim4 (4.86.2-2ubuntu2.4) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via ${sort }
- debian/patches/CVE-2019-13917.patch: avoid re-expansion in ${sort }
in src/expand.c.
- CVE-2019-13917
-- Marc Deslauriers <email address hidden> Fri, 19 Jul 2019 07:21:10 -0400
-
exim4 (4.86.2-2ubuntu2.3) xenial-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in base64d()
- debian/patches/CVE-2018-6789.patch: fix overflow in
src/auths/b64decode.c.
- CVE-2018-6789
-- Marc Deslauriers <email address hidden> Sat, 10 Feb 2018 14:18:40 -0500
-
exim4 (4.86.2-2ubuntu2.2) xenial-security; urgency=medium
* SECURITY UPDATE: memory leak
- debian/patches/93_CVE-2017-1000368.patch: free -p argument if
allocation was required.
- CVE-2017-1000368
-- Steve Beattie <email address hidden> Fri, 02 Jun 2017 22:07:28 -0700
-
exim4 (4.86.2-2ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: DKIM information leakage
- debian/patches/CVE-2016-9963.patch: fix information leakage in
src/dkim.c, src/transports/smtp.c.
- CVE-2016-9963
-- Marc Deslauriers <email address hidden> Thu, 05 Jan 2017 08:29:10 -0500
-
exim4 (4.86.2-2ubuntu2) xenial; urgency=medium
* Rebuild against libmysqlclient20.
-- Robie Basak <email address hidden> Tue, 05 Apr 2016 12:21:41 +0000
-
exim4 (4.86.2-2ubuntu1) xenial; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian.control, debian/patches/fix_smtp_banner.patch
+ Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release.
exim4 (4.86.2-2) unstable; urgency=high
* Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790
exim4 (4.86.2-1) unstable; urgency=high
* Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
4.86+fixes branch.
* New upstream security release for CVE-2016-1531.
+ New options keep_environment/add_environment which are empty by default,
i.e. any subprocesses start in a clean (empty) environment.
+ -C requires an absolute path.
+ Exim changes it's working directory to / right after startup.
* Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
options. If neither is used we use add_environment to set a minimal
PATH=/bin:/usr/bin to avoid a runtime warning.
-- Marc Deslauriers <email address hidden> Tue, 15 Mar 2016 11:56:18 -0400
-
exim4 (4.86-7ubuntu3) xenial; urgency=medium
* No-change rebuild for gnutls transition.
-- Matthias Klose <email address hidden> Wed, 17 Feb 2016 22:40:56 +0000
-
exim4 (4.86-7ubuntu2) xenial; urgency=medium
* Rebuild for Perl 5.22.1.
-- Colin Watson <email address hidden> Fri, 18 Dec 2015 10:30:54 +0000
-
exim4 (4.86-7ubuntu1) xenial; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian.control, debian/patches/fix_smtp_banner.patch
+ Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release.
exim4 (4.86-7) unstable; urgency=medium
* Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
* 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
exim-4_86+fixes branch fixes another MIME ACL related crash.
https://bugs.exim.org/show_bug.cgi?id=1730
exim4 (4.86-6) unstable; urgency=medium
* Cleanup (actual patch is identical): Use
75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
exim-4_86+fixes branch instad of
76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
* Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
exim4 (4.86-5) unstable; urgency=high
* Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
head to avoid misaligned access in cached lookup. Closes: #803255
exim4 (4.86-4) unstable; urgency=medium
* Fix documentation of lowuid_aliases router, exceptions are in
CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
Closes: #799672
* fcron has been removed from Debian in 2011, stop listing it as an
alternative dependency of exim4-base (Thanks, Alexandre Detiste).
Closes: #798236
* Update to upstream exim-4_86+fixes branch:
+ Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
76_Fix-post-transport-crash.patch,
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
78_Close-logs-after-daemon-process-exceptional-write.patch.
+ Add 75_0001-Fix-post-transport-crash.patch
75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
* Use dh v9.
-- Pierre-André MOREY <email address hidden> Mon, 14 Dec 2015 14:23:51 +0100
-
exim4 (4.86-3ubuntu1) wily; urgency=medium
* Merge from Debian unstable. (LP: #1485369) Remaining changes:
- debian/control, debian/patches/fix_smtp_banner.patch:
+ Show Ubuntu distribution in SMTP banner.
+ Build-Depends on lsb-release.
exim4 (4.86-3) unstable; urgency=medium
* Pull three patches from upstream git:
+ 75_Fix-ESMTP-MAIL-command-option-processing.patch:
Corrects handling of mail-addresses with whitespace.
<http://article.gmane.org/gmane.mail.exim.user/97069>
+ 76_Fix-post-transport-crash.patch
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
<https://bugs.exim.org/show_bug.cgi?id=1671>
* Fix spelling error in copyright file. (Thanks, lintian)
* Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
upstream git, exim was keeping logfiles open after after a "too many
connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
chasing this.)
* When saving the berkeley DB version at build-time pass -P option to cpp,
to prevent linebreaks.
exim4 (4.86-2) unstable; urgency=high
* Update exim4-config Breaks, PRDR support is was moved from being
Experimental into the mainline with 4.83.
Closes: #794320
exim4 (4.86-1) unstable; urgency=medium
* New upstream version, identical to RC5 (except for the version string).
exim4 (4.86~RC5-1) unstable; urgency=medium
* New upstream version.
+ Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.
-- Artur Rona <email address hidden> Thu, 17 Sep 2015 13:18:20 +0100
