Format: 1.8
Date: Wed, 26 Feb 2020 10:40:28 -0500
Source: opensmtpd
Binary: opensmtpd
Architecture: amd64
Version: 6.0.3p1-1ubuntu0.2
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Mike Salvatore
Description:
 opensmtpd - secure, reliable, lean, and easy-to configure SMTP server
Changes:
 opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Local privilege escalation, remote code execution
     - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in
       smtpd allows an attacker to inject arbitrary commands into the
       envelope file which are then executed as root. Separately, missing
       privilege revocation in smtpctl allows arbitrary commands to be run
       with the _smtpq group.
     - CVE-2020-8793
     - CVE-2020-8794
Checksums-Sha1:
 764361dec5cbe72272b13136bea4c3d38e7f9705 1047652 opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_amd64.ddeb
 f77b34587736529677795be441348209ed2cdcd1 6169 opensmtpd_6.0.3p1-1ubuntu0.2_amd64.buildinfo
 ee023a397fe8e3e7d2f8154b21c8595e565c4995 260828 opensmtpd_6.0.3p1-1ubuntu0.2_amd64.deb
Checksums-Sha256:
 e1061c62a2539e75a02e8d84f22cc0b740f66d73e7127e39d7abef9d8b2a4f97 1047652 opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_amd64.ddeb
 b7f4edcf9b33c8e7cac79d83ec707769437a818acce445fb66993ea8c11bc6f3 6169 opensmtpd_6.0.3p1-1ubuntu0.2_amd64.buildinfo
 ad7bbde960867c2f432c0e2fcecfddbbe42e52c05621b5dd17fd58a801724d40 260828 opensmtpd_6.0.3p1-1ubuntu0.2_amd64.deb
Files:
 b250496888982aa4e64cdacd8e221a6c 1047652 debug optional opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_amd64.ddeb
 b097c8dde703f29b616116100bfd9f17 6169 mail optional opensmtpd_6.0.3p1-1ubuntu0.2_amd64.buildinfo
 afc862e7ee0b36382ff26b88f38c8606 260828 mail optional opensmtpd_6.0.3p1-1ubuntu0.2_amd64.deb
Original-Maintainer: Ryan Kavanagh