Accepted opensmtpd 6.0.3p1-5+deb10u3 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Jan 2020 19:44:11 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.3p1-5+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Closes: 950121
Changes:
 opensmtpd (6.0.3p1-5+deb10u3) buster-security; urgency=high
 .
   * Fix two major security bugs (Closes: #950121) (CVE-2020-7247)
     1. smtpd can crash on opportunistic TLS downgrade, causing a denial of
        service. OpenBSD 6.6 errata 018:
        https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
     2. Fix privilege escalation vulnerability: An incorrect check allows an
        attacker to trick mbox delivery into executing arbitrary commands as
        root and lmtp delivery into executing arbitrary commands as an
        unprivileged user. OpenBSD 6.6 errata 019:
        https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
Checksums-Sha1:
b6499b0c2fc8520c135e08c9a6ffa79ff26b4e00 3082 opensmtpd_6.0.3p1-5+deb10u3.dsc
9aa89eeed7462902903f2e7304173899557aee65 699702 opensmtpd_6.0.3p1.orig.tar.gz
27936365726edbc06a3b7ba1afa9895f82f10425 30488 opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
4bda6919e9114f73e347e95ee1da7fc27cd80bc7 8465 opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Checksums-Sha256:
3f87713b1a762df4695bde879b651074a48cd5a8caa5df561543c901eb9e5688 3082 opensmtpd_6.0.3p1-5+deb10u3.dsc
291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81 699702 opensmtpd_6.0.3p1.orig.tar.gz
001686a5713417570335e78e38d34b6e48c5775cb1efdaa77b68dafa9d9fb188 30488 opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
4a59567fc92d9b33a3fa9d4eced7337f13ddfc765607ee591bcce0edf3518b6d 8465 opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Files:
2cddca39b119608a2eabbd4ab7467ad4 3082 mail optional opensmtpd_6.0.3p1-5+deb10u3.dsc
66e496bb0f3303d660744f4fa2178765 699702 mail optional opensmtpd_6.0.3p1.orig.tar.gz
25b4088bc57209a4039b7ebe581677bf 30488 mail optional opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
835e67514c1500cc49faee21b6dde461 8465 mail optional opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----