Debian Package Tracker

From: Ryan Kavanagh <rak@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted opensmtpd 6.6.2p1-1 (source) into unstable
Date: Tue, 28 Jan 2020 23:05:17 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jan 2020 17:27:21 -0500
Source: opensmtpd
Architecture: source
Version: 6.6.2p1-1
Distribution: unstable
Urgency: high
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Changes:
 opensmtpd (6.6.2p1-1) unstable; urgency=high
 .
   * New upstream release fixes the following two security issues:
     + smtpd can crash on opportunistic TLS downgrade, causing a denial of
       service.
     + An incorrect check allows an attacker to trick mbox delivery into
       executing arbitrary commands as root and lmtp delivery into executing
       arbitrary commands as an unprivileged user.
   * Bump standards version to 4.5.0
Checksums-Sha1:
 be0cc5eefd840b492f384602d3d3f400fcc9fbd1 3053 opensmtpd_6.6.2p1-1.dsc
 af8514cf9da7aeaccde19e5406bb4a0d477b81a2 777422 opensmtpd_6.6.2p1.orig.tar.gz
 5b3c76103f519ed4e07b26d2b33605af7d679a1e 26040 opensmtpd_6.6.2p1-1.debian.tar.xz
 475a7ff08e55997e13d345a22ece972d088e91e5 7503 opensmtpd_6.6.2p1-1_amd64.buildinfo
Checksums-Sha256:
 be875a252b262be56d17cae330fa94a73d664be2b12c6fb6f14df0c9acc645d3 3053 opensmtpd_6.6.2p1-1.dsc
 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a 777422 opensmtpd_6.6.2p1.orig.tar.gz
 ce0534e5bcb16c1ff131a4a828f2325052d6c1d1a465028d45b68e6d9349813e 26040 opensmtpd_6.6.2p1-1.debian.tar.xz
 f805ed55d8a8d5f35d49664ca0b3f8843f322e5062f2cc7418094c6a39fa40f2 7503 opensmtpd_6.6.2p1-1_amd64.buildinfo
Files:
 641664db87b8456f5d6db09fefcb195a 3053 mail optional opensmtpd_6.6.2p1-1.dsc
 bd29619f56c009a4eb4879304771822b 777422 mail optional opensmtpd_6.6.2p1.orig.tar.gz
 06b7dc7e070f946869665e688467d2f9 26040 mail optional opensmtpd_6.6.2p1-1.debian.tar.xz
 e8eee299ef9d4c6e8c40423eb461683c 7503 mail optional opensmtpd_6.6.2p1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl4wuW4PHHJha0BkZWJp
YW4ub3JnAAoJEI97+PxKEcl6NEMn/iKXSfWqyGu/jet8u0VmevIMV51TP3ASiN4y
zeC2F8YZfRbwiycnauJoOfotOlRbvd4frQzwdw6EsfCLP193DwbSeM/q4t4NAF8r
xPCHWgMLA2K/t1lJQkpM7TUodvNLKgGOQWAJBXFVMQIAD1FOWRujROb4QELz+rmH
n3eDW7UohboNZ8C/SSDksRG2tSXdEhSlFJBc9SqAWQjUtI78uCuSi/GsfJ5Oc4eU
1NCqreTmBzqqHwj+8qeEse6BjfkRXsJ5WN64ydQ4VNGCWAu3h9ERe0w6tTvvmfcD
9JVMEy7R+hUf81XO0nIvLMo46CsyJtH4O2e2zZzlkUiRLGXPh2CMlpeMKlNjON2i
Cecl8SyVqh0fK0bunvnoAby/W4jYMDJMPWHwtcYIsabsMKxyivVMxQsOz8hcfYum
F4BGFAcnfnGi4+cRMuEeYzpWn0O2S2jm0Ecno8AdKoWjFdlyx1x6+7k5NBOQyWts
e1VtOPpdS+FGwwdCiOCs+go38Rw+FEqcE2IR5dXdWWLlWuC2w+3wRjbT8eSiMKCN
boKGWgUuS5R8RBh1Qd0YJBXszFL1cOqame0l2wOM5Y4NshLJgJht9f68AntBxSo2
e1hy75qG7geXCNcy4KaB2LUZoPrtT24H5aJ8TctHLYtUkw+DMY/JlM50Lgtvvwfd
k3D7OlN2k0avk/fHi3J0i+j/0RJl1g8rZjHQK0BGS5qVHtm7DM3XJq/jnEat4gt4
PQd13lDXeiuTr/Rv6yO3l8qXJYyjrJF183EEjL9mFaVhDT2n9lhRDp/C5v7/DpYl
xd0MadQ821waJ28gTGkHIwKxWCvI/O/fbHh4RkqURQonv96aGVbys04ZeoS7/HeJ
qUm88Xo0f8wFPWUC2CRO7+Jtlb8D6eIcIfvzl6CgwWwNxPoPdQHBbtpCYrORRmKD
/QrVgbwSEcLHCHSZ9yclvCoQwhke9zc9CTxCP7JPiSf24uYQkhjLIwgdEwkh0CgT
PwimlKdNKe71RkfvxWiCGZiIVP+r9Idb00txa1WCDvpGBiP9KJSmF7dNyFqqJeHj
O95JHXvfdlmbadDyNNmX0fpegnhWN59wMpna0IIZn6Xz4PguvgQ3uj7WcQ9cA1Dp
HDtcB964KyE5u9pStynMMhSwkhtV8jYWWhfjmCeT5cF1XwG6MaB0z3+QjeLKrr1d
MFHcx+ADWdnsxk4wmZutHnym+87lrbPdGMrrlHwnyxOMNbQ9qQ0LCQK76KHQeVPm
6K683rsJaPJBFL0A7kQyGe5BWwscupOJkv/TgOQDjU1vEYMe+KB4Gy/J1HX/iGgj
TiK+v4xuEI74RPtJydgI94OTMgTOW3udbJL5AhCN3bCYOmL09A1tC0atPpEUnJ2V
OMzYFoVhOa15Il4VfHc+4IBbx+fFq7gX8mtbR5A9hC/MUYp+HTVSdgZIIjqJmAvr
9oSFlMQCmqMLTJJhM6FDeKHY2xLrZQN7D4e4fg+pI3x0MhIWk/fRYIF3qOPrAfID
LDAjQu4YTmQs5KePCJ9dLl6d5IsgUF0taHRmambGooPitOlLg5shxCsCYQ/hl1j/
wEVqlzQlHypJZGELWr6zcnmPn5VS50Ly0ykxE3klFYZMvGyoFsCXzwxrCNX838F/
BtOiWaxKjzm5W6cOwp8xrUkp+FiyT1BagwCMdYjMQ91IE8++6UHN31cfKgWHoXxG
QCdZTT/6
=AyT4
-----END PGP SIGNATURE-----
News for package opensmtpd
