-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jan 2020 19:44:11 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.3p1-5+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Closes: 950121
Changes:
 opensmtpd (6.0.3p1-5+deb10u3) buster-security; urgency=high
 .
   * Fix two major security bugs (Closes: #950121) (CVE-2020-7247)
     1. smtpd can crash on opportunistic TLS downgrade, causing a denial
        of service.
        OpenBSD 6.6 errata 018:
        https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
     2. Fix privilege escalation vulnerability: An incorrect check allows
        an attacker to trick mbox delivery into executing arbitrary
        commands as root and lmtp delivery into executing arbitrary
        commands as an unprivileged user.
        OpenBSD 6.6 errata 019:
        https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
Checksums-Sha1:
 b6499b0c2fc8520c135e08c9a6ffa79ff26b4e00 3082 opensmtpd_6.0.3p1-5+deb10u3.dsc
 9aa89eeed7462902903f2e7304173899557aee65 699702 opensmtpd_6.0.3p1.orig.tar.gz
 27936365726edbc06a3b7ba1afa9895f82f10425 30488 opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
 4bda6919e9114f73e347e95ee1da7fc27cd80bc7 8465 opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Checksums-Sha256:
 3f87713b1a762df4695bde879b651074a48cd5a8caa5df561543c901eb9e5688 3082 opensmtpd_6.0.3p1-5+deb10u3.dsc
 291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81 699702 opensmtpd_6.0.3p1.orig.tar.gz
 001686a5713417570335e78e38d34b6e48c5775cb1efdaa77b68dafa9d9fb188 30488 opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
 4a59567fc92d9b33a3fa9d4eced7337f13ddfc765607ee591bcce0edf3518b6d 8465 opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Files:
 2cddca39b119608a2eabbd4ab7467ad4 3082 mail optional opensmtpd_6.0.3p1-5+deb10u3.dsc
 66e496bb0f3303d660744f4fa2178765 699702 mail optional opensmtpd_6.0.3p1.orig.tar.gz
 25b4088bc57209a4039b7ebe581677bf 30488 mail optional opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
 835e67514c1500cc49faee21b6dde461 8465 mail optional opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----