Accepted opensmtpd 6.6.4p1-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Feb 2020 12:20:52 -0500
Source: opensmtpd
Architecture: source
Version: 6.6.4p1-1
Distribution: unstable
Urgency: high
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Closes: 952453
Changes:
opensmtpd (6.6.4p1-1) unstable; urgency=high
.
* New upstream release fixes critical security bug (Closes: #952453).
Quoting from OpenBSD errata:
.
An out of bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file which are then executed as root.
.
Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run with the _smtpq group.
.
* Update copyright file with new copyright holders
* Remove stale entries from Uploaders field
Checksums-Sha1:
d6f77f256bc4b99ba4f1565a8b534da268ccafc5 3007 opensmtpd_6.6.4p1-1.dsc
1763a76308c1645be036a6803d16d0e85241496f 790754 opensmtpd_6.6.4p1.orig.tar.gz
7008080c4dc3a492f273ee7276b80f7416e52980 26208 opensmtpd_6.6.4p1-1.debian.tar.xz
9e9fa943b165b55190f8ce188054fea0698bcd27 8529 opensmtpd_6.6.4p1-1_source.buildinfo
Checksums-Sha256:
f63089e921c53d552e9e6370c202c953c48fcff1c242e5277d5a1241a9e3626b 3007 opensmtpd_6.6.4p1-1.dsc
e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf 790754 opensmtpd_6.6.4p1.orig.tar.gz
425d63c270d943609709af7eda16dd2b7da225ebe78e2ef8217dde9e0b8e7c06 26208 opensmtpd_6.6.4p1-1.debian.tar.xz
aa75a0c7a5110eadf215c0cd6101bab84afec7a4e2877d41a4cd0b2e4a44ec3a 8529 opensmtpd_6.6.4p1-1_source.buildinfo
Files:
4505939d45729aefb0d76abd94e114b4 3007 mail optional opensmtpd_6.6.4p1-1.dsc
4744943277f9a6dc942e7560dbdb5643 790754 mail optional opensmtpd_6.6.4p1.orig.tar.gz
6d6cd01a4ef29fe544858e64bd6a0599 26208 mail optional opensmtpd_6.6.4p1-1.debian.tar.xz
54bfabe54f58679c92e21347d8c35562 8529 mail optional opensmtpd_6.6.4p1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl5UCJsPHHJha0BkZWJp
YW4ub3JnAAoJEI97+PxKEcl6/Wwn/1Vn9A2IdfD1offw4RkAz1Nt8MmL807zOdJd
kbMNyaDZ9ecDhOjOGelWl+rtz2XNcREBczM3tCyyX7ZU8sFIGhbUI+Rxl9P0tcrq
9wzU4flKgytwS78tDOFnwQTnyzvHkRkTsTSJZDcVx6X7suHrydeqXx/5joimL3XD
dvcs6TferRXwcb/zCmV7ZSk3EFcDANK8YNBhGX6pPMq9bU0TCl7XSdEC5FW/j19y
b8KAmchr0kAlASUyCVyCxGnMWWra8VBzUDAGrUlpCCsYGJo5btFI1mRychFGxORN
eI/KoElU5mbC6CngncaAUA1kRI4IGQYB6Q9Rd42t7OjTfBHNVykUypuCya5YDDUG
0iDgmc0OJQ4rcHc2Xd2aKkrRU4DbUqJTbLrVz72gZx5rQtS10BR7HDhPcn56K8vy
KpYAu8LctWmsK1gFNI49TBlxS9TOA36XPstmusMXecgcBqLjjqTRZnBsFnPeAIVM
yBgO1O/YFZ4Ca1zxBwi8tK0sXJP+HEr7EVqj1huE/XARrlOnLUPnfXR7+fAUU8yV
ZY45BXiSEh7DlszrebS0e+CqD7+7vafW+pZ11f9bBNrCTSJrvwWBB+HSck4zkgSo
xB103rTYTC3G/cQdr65wSBhlz3K0iafgJd3ZAlWdaDIJsq/kPZJgHzCmIYmOBiKJ
c+JtOjTR1qTTVUswWQ0bQbDPqnjBgZ+I+LHpjblJz13QuDE+4WkUlkAI56n2A+ru
fSKc5fCD1WQ9KLohNn5Y3qXoj7D37q3PUnHLVpkndTfCkcJvtJ/vHLsqUG9sLccT
MH8teQCzHDnIw4PhOo6Is5MlP+mIppxStP5jYVAt7Y938fapC9URQVSuREuGFZAF
1R+Cw1dKxVINYpF4AZwVW5rffT0qdgaw3rFM5ElmvvYMOcCdW4Cq3IjkfiwaP8Xj
gDQay2jtD0UgdwILgY+8tiBqHLD+u7CogkjiWEhnQkYfkiPicbhenlnUdxUpb2a/
FWyePKYRDqQQOYCn2VW98kjm+AWZNQcyzAz6qxcldDI3tfZWpuFmaN7+CRiCc7gP
ZnjYQDdJ5/wH4xwYNc9kSXaJz+blaTLELWOqTHU2cfsNfmCmq7dZlvYmE7JdVav3
4RsA4g9SJ8jPkCzhhm4Zn+/PCG4SjRIpWalIwWcvTEee2sQesMHkwy7fx6j8vKSw
IXmErMVmaR0H5EmjdPdVuiWm3mPEedDp5lgI8bK19l1DKZ0H1Kc2uPEALb4zWOis
nRPI8vUyYUSz8UPYMYyBvZi8jSi0BSSqD5oHRa4UoVU8DrhHtBhAhH1zUtLRhaWM
pG9Nngq0SZ2G5CTYftrCGVbFotAGra9kh6NWOkr9iFTyQCBqR3nBQPVpRdh+jNo4
Ci95DpK34txNrOC41+9nMjeN+Zrl7qeCGmBaKM2wGuqpx39bdd7wyaZldrrnmnNu
mFPqyf+w5iUs79qJQQh5UZb6eOh5Iq8R5D8vDzjfRhC7ctrgLEunIo2HnYlCoWSx
xQUJVzBck+Ly1mP+xeWEqlJc4ddeC3PUbqFu5zysutch6ulqpT6wCMQtLIALMlzh
AxJcuIBCR3XmiZNgE6OgUcjJQrUPbtdR8VAIdbuIXEjvLLmsqRHdySEESDSNZddC
0jrdeczqQmGCheXetCSmF7FW4i97pWyo8Lq3eoDXr7HgaoAiNR/0FksvURNw7KGr
PkhI5qXI
=c9cL
-----END PGP SIGNATURE-----