Accepted opensmtpd 6.0.2p1-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Jan 2020 20:28:49 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.2p1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Closes: 950121
Changes:
opensmtpd (6.0.2p1-2+deb9u1) stretch-security; urgency=high
.
* Fix privilege escalation vulnerability, 019_smtpd_exec.patch.sig. An
incorrect check allows an attacker to trick mbox delivery into executing
arbitrary commands as root and lmtp delivery into executing arbitrary
commands as an unprivileged user. (Closes: #950121) (CVE-2020-7247)
Checksums-Sha1:
51f527617839cab9c8882ba7b86777091205a8f7 3096 opensmtpd_6.0.2p1-2+deb9u1.dsc
386e1115c5cbe91f67ce0854594197846b4bb5d9 695513 opensmtpd_6.0.2p1.orig.tar.gz
0e4c9798a3da01a4bec189103f75a76ab65f3c18 25616 opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
dfb59917a7c2e2a0e9d4c48a8b72815346f934bf 8435 opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo
Checksums-Sha256:
7447c82a4e136507629b3f526aa527085960a724153c531250d71c89e4b0623f 3096 opensmtpd_6.0.2p1-2+deb9u1.dsc
2af9b6d08784c7e546bf124bb61e311a6aa0c9835507710a76f5c242383190ac 695513 opensmtpd_6.0.2p1.orig.tar.gz
e490075d01dedeb555f11ade5b3a2edd89e214fdc8853112974fabb1d61c0f9d 25616 opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
b59882a41cce18c212f8f9eb1b2525a87edd52d0a2530ba8cff070336de2aedb 8435 opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo
Files:
5fcebb440cf89d61e978bacf9b302371 3096 mail extra opensmtpd_6.0.2p1-2+deb9u1.dsc
1ebc232624f2e2e31010c810ea0a3b88 695513 mail extra opensmtpd_6.0.2p1.orig.tar.gz
80b7cca0a098437f602dbeed6f1109f9 25616 mail extra opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
d84cb7719750d2e9bcc56408811ba030 8435 mail extra opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl4xoZIPHHJha0BkZWJp
YW4ub3JnAAoJEI97+PxKEcl6WmQn/3Fq78mJUMrOB0bFg4eiyiNdhEIzhZl1OvAo
D9uJaib4E52Z9EHCpR8Ig7XTE+wdx0u542Ir8Gm3Es11dG4cyFKB8RucVJGkFzOp
XUhImIfuPM/BWywUctjC0yxRy/CxG1zATcyXaf/LUsZLMV7qYbKeXWC2Rqxdg1n3
UOqjX50Z/r1zEGO0V65hTIALOrmTakgYVykieR+WQE0MXqsKDbx4tIPtnfQQiU2F
i4wnRz3l3YpvTaoyQG4kFJLvxyLaz6D61tFR9PVlfdhyZHpGQJLNvy9dMbihQsuL
X7+21bHf9G/BXnJgMii94mJrT/yCrAv2iFo2Fa8p5CAjPbw3nZ3S51V+bJqqByjm
qeVr0hzqmnCEyUT7TzhBcsky9ur/nQb71t/CtVsmgcEuvBMu5lJkwoPAfxdphHKZ
1PA75/Fzbw/5VqutLHaGHq0IJTLPwrRSB0A9lv5Uq2oVTp6S3P649tCv61ypxZAu
rQj790XXQK91DVkogF57y7zlvFDWm9CXPv9WWeK/km4TK0EnfPiJEiyJ4ymumiqC
I1zeXGcl6XsIo2veuWcHZ7rToonU5uSdRHI91LipssqRYqw/tmKksgm9JQ/G4zVW
ImY/Hnkr/JbReyiqZ7OhZqo2AYZ+nzKSZXC4YeBeIjQ4q21wwkcPaA494mCZ54No
UXDF2J9XE0J+GrvevuWjdYGAid7rLP4DGk6NUasjXom/YO1YLxsG0TUwqC6Du0pd
i+gxzbANC508pQVXdf+Du/TjRdRw0Q4EeHLl4LKPj9lqN246lKIQu9zMLTtoTi71
I5VRFAP2b2X/LWsCgLohGueDZAk5TDQz0sCVKvhH7YAPqz5kQnmUfk/R5bY0+w0C
565ZUwB5UBRVlPn3daI4UIuNZCUUbr24veU6VrXzgOtzUmEerKpZBLKxgteVPmYb
1PgIGK0gXX0jukH0DDmzaSs4oUauumj3TwG54MMl70CvcdI+2JQStzwT+VxFJS4v
kO8GINNvVnRocp6Xa7MqRLqgRGn1ecodXVgDhU1IHoFZYGAseHGO8TyZVM26OGUw
XmoMvwMx0sSGkE2NwRWqUtjUmZjc8M3ApK04nDiACN+Rcl2p8oY6FxiWmmR/bhtN
uQMHub07EMb+bmf1KN5dcu6iq5Y1coErWQwDiqwzim87SJQePRJSiaLFqfv4b6Tl
TkjDj0C74NJkeLWrnQ5Wj4XK0nXbbrShxK7XWc/YwvS0c3i1WfYFsWBmHoXzcc/p
ZlEpsndHDnBt4OZmlRH6B3noTfYDXzKg8Not/7AILfT+k3JYkJNyKPB+Qa/Pe4RA
4LoZUSoIaVXgsmG1imiIbBuu5wIoqBy5MCs4hBcRVN2RnQMck2GB3xIAtaTO5Ybb
le/xdTBuv9sSB1vW/3u/yHDD2BVe4H9eXqxXOJvpHjLiDXd5U25s8r5bziGEKHpt
qho+ecr+0YsLE44AUiyAd2EEGPmp6+9CJPRTX5qNEW5pKlMtU6KpPCCtraHURBik
UQB+G9oLhCUbBgwSMjaTjXSgaBUQZsAV0JirJ2DFT/yV2PdHwNv/+fEGAD+2xa5g
aroeFAuF8nGgaXIHaeQbytNro0aC61BmNdi8koZG3/WX3f7IU7oI2uP1uF8OV5/C
QDl5C1qMXtSI661Kakseq011xcwV3asGNkWRznt/0RAJE2Qp0D2GGyeAGrVR0Qlw
xKL5Jxo+
=BkTe
-----END PGP SIGNATURE-----