-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 28 Jan 2020 21:54:09 -0500 Source: opensmtpd Architecture: source Version: 6.6.2p1-1~bpo10+1 Distribution: buster-backports Urgency: high Maintainer: Ryan Kavanagh <rak@debian.org> Changed-By: Ryan Kavanagh <rak@debian.org> Closes: 950121 Changes: opensmtpd (6.6.2p1-1~bpo10+1) buster-backports; urgency=high . * Rebuild for buster-backports. * Fixes major security bugs (Closes: #950121) (CVE-2020-7247) . opensmtpd (6.6.2p1-1) unstable; urgency=high . * New upstream release fixes the following two security issues: + smtpd can crash on opportunistic TLS downgrade, causing a denial of service. + An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user. * Bump standards version to 4.5.0 Checksums-Sha1: de78031e0a7437c6435f511f496b7c282abf4118 3098 opensmtpd_6.6.2p1-1~bpo10+1.dsc 52e8d1faa60b4e8d4c473c47bed58c98b8ef3c29 26176 opensmtpd_6.6.2p1-1~bpo10+1.debian.tar.xz e2f65f4b33e79897557bd8bc6ec9f07849049033 8465 opensmtpd_6.6.2p1-1~bpo10+1_source.buildinfo Checksums-Sha256: 53c2f063f3dffefb7a4ef8e72ff2fc82a3d6954490848773d4b972fafbfa4081 3098 opensmtpd_6.6.2p1-1~bpo10+1.dsc dc39fa24e14881235e689279627be064d138fa572382f7faa7c83eb5eb05d4b8 26176 opensmtpd_6.6.2p1-1~bpo10+1.debian.tar.xz 208ba05ff1ae49bbd31ef8b1e0e36461cfaf7439234f8bea1c0f0fa2e02598a6 8465 opensmtpd_6.6.2p1-1~bpo10+1_source.buildinfo Files: c45aa197b503f1c66308c4e7b45d3697 3098 mail optional opensmtpd_6.6.2p1-1~bpo10+1.dsc c2f8d7e1b5d8066bf474e5bd498e835a 26176 mail optional opensmtpd_6.6.2p1-1~bpo10+1.debian.tar.xz 785cb44bd519855538449ded94954e4c 8465 mail optional opensmtpd_6.6.2p1-1~bpo10+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl4w+GUPHHJha0BkZWJp YW4ub3JnAAoJEI97+PxKEcl6Q2QoAJAbJQQ6Vwhv5NqBFSlVA650QUsYnOJP9pjC CvX87APGVSzrGirOHVFdnE+E/ySgKqUfqP8fiZLqgJv466ongc1E5X7/QaqgZ+VZ OolLjzHjVcHDtbDCBaRtlBuv2B+fj/p85lB+mgD5VveGf2xQNY/JsXd8thYenQzd yWABchtPSDFcSqGX8zbgUC3fzK7Jp3CDzkY1erPRBJclROY6b9l4IUcZnGGYbJtH Vw39t3eVw8liBmrtqJEsAhqSrGXYv1VKVLPhIKZPvypXHfw2jUw+KefHSHBfD/FU UGjipBwkZwrH07pwAC7LUOd2LUArDbTVHfNGSQAsXej84ldqz0NkH4eBBsLNHex+ Bmi/iz5SuIB1+yLr6e+3tVKmf4jXnC9NRInnKEdFd/bw0S5MfjKDcOOs13GqPH3C daFPj5aNvEcQvHlfxkCzdQtfSvh1pv2fuNU0Zbk92N0m5OqLseogD4x8ZCorpGPo efWpvAeYcrn/yOWInIJL+4QulvO1SwWZAQXrOpYUQCeQ+F7Ob+n+lIOJPSEJ1kvl QKf+VB6TpG2XKf5aAZeGx0QJkhk029PovfnGJZTLiqGSHxFTSZCeNxyW+46A2Gw4 EpD0fKhHQ1kXS5SHuKrmHAH07d20DFWgEemHfhhrE3JifQEM8aiR2wS0OnwpN0S3 QCSZwXrqN3+qQtVW63JLV+ylba9Mgt44XCc80sNT+Zh10G7iWigPK3FSgQmRIH5z 7tTp/TM/bd4ZndapJ01RmaS66t9qFAvEEv/StdmLLcN/cyZ2x24I1CcsBW3TDcv1 wGKzLL2ouRL9u/HxQbuYT3n2vUz1ikNcBopBF5e1HJSyf3MK2YS9gs8eh7kkwI/f ki5vQnPpacGp6HSw/lZ71tLuwrSGnI8AiC8o4j7FmRRtsg40BusoJjcu7uB6hZ3s zHpVVeF1WTTZWm9M0ufErDzIePD/3EU+D4igfKH1NEiT9ruYH6lJbzpiBaWVNoBa F+KsQS6EJWpz4UB2/EqhOOfe/hvsIt5pBNMc/u/2mX+4XtVhhPFgGQOdBXnslnQX 3uGLgIcLulHQcCid5O/7A07kQupxlMEAnTiXMExYhzhoiAJCC+LmVRmHC8z3xBw3 RZUwIIlz22Gs4e4NZrlu6NZj66BDmhi3RNxjLmbGnXaN8ipeR1iKN3rXjfJ6fYGd /kHzgGPu4UrYXx7h1D+gShOpjIBchoekYGLJ2oGqbryWnPASC8BTF4YBn9N7E2MX Q8YRH7/aBl7OdYUQtWrFPOmP2FMcMXgfVlbrOS375tO8q5sNCj2Bww1IYXdW3Cni ci1uUYkVzQL78kdBD3heeoJ6NufFcP73m+EO68IfoF7tH9nIoip9fW1NJxBrKiIj U1/bMHfStAo6KlskrLrDVItZzvlPHTpDfiVr+5KEPqjNpcO3KUItAeCKwMGUEX25 u6p4Kp2GNrnbcaxK/xRO+OFMBQecNwHoXUsBD07rlqTm6N/8rexFxxxGjGakuDHh rLXaGSzheodKP3oVIc2XKnM71LzYf0/2M2RmRJS1y/y0QInayLoAvkdIGo7elPZZ hZVnify7IDnQGTfmTfCb0mOqhaHAw2x+z1CmuXJSPGfD82JHh+bBtyNXZ+lQKrf1 2Y6M0ryYfHDJZqVSEOB+EZ4aRI3lPhP2r2m0OGrRQlrH/lLzuecnMVvdtReQ7oZS /XJfCkZw =Fm4t -----END PGP SIGNATURE-----
