-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Feb 2020 12:20:52 -0500 Source: opensmtpd Architecture: source Version: 6.6.4p1-1 Distribution: unstable Urgency: high Maintainer: Ryan Kavanagh <rak@debian.org> Changed-By: Ryan Kavanagh <rak@debian.org> Closes: 952453 Changes: opensmtpd (6.6.4p1-1) unstable; urgency=high . * New upstream release fixes critical security bug (Closes: #952453). Quoting from OpenBSD errata: . An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. . Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. . * Update copyright file with new copyright holders * Remove stale entries from Uploaders field Checksums-Sha1: d6f77f256bc4b99ba4f1565a8b534da268ccafc5 3007 opensmtpd_6.6.4p1-1.dsc 1763a76308c1645be036a6803d16d0e85241496f 790754 opensmtpd_6.6.4p1.orig.tar.gz 7008080c4dc3a492f273ee7276b80f7416e52980 26208 opensmtpd_6.6.4p1-1.debian.tar.xz 9e9fa943b165b55190f8ce188054fea0698bcd27 8529 opensmtpd_6.6.4p1-1_source.buildinfo Checksums-Sha256: f63089e921c53d552e9e6370c202c953c48fcff1c242e5277d5a1241a9e3626b 3007 opensmtpd_6.6.4p1-1.dsc e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf 790754 opensmtpd_6.6.4p1.orig.tar.gz 425d63c270d943609709af7eda16dd2b7da225ebe78e2ef8217dde9e0b8e7c06 26208 opensmtpd_6.6.4p1-1.debian.tar.xz aa75a0c7a5110eadf215c0cd6101bab84afec7a4e2877d41a4cd0b2e4a44ec3a 8529 opensmtpd_6.6.4p1-1_source.buildinfo Files: 4505939d45729aefb0d76abd94e114b4 3007 mail optional opensmtpd_6.6.4p1-1.dsc 4744943277f9a6dc942e7560dbdb5643 790754 mail optional opensmtpd_6.6.4p1.orig.tar.gz 6d6cd01a4ef29fe544858e64bd6a0599 26208 mail optional opensmtpd_6.6.4p1-1.debian.tar.xz 54bfabe54f58679c92e21347d8c35562 8529 mail optional opensmtpd_6.6.4p1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl5UCJsPHHJha0BkZWJp YW4ub3JnAAoJEI97+PxKEcl6/Wwn/1Vn9A2IdfD1offw4RkAz1Nt8MmL807zOdJd kbMNyaDZ9ecDhOjOGelWl+rtz2XNcREBczM3tCyyX7ZU8sFIGhbUI+Rxl9P0tcrq 9wzU4flKgytwS78tDOFnwQTnyzvHkRkTsTSJZDcVx6X7suHrydeqXx/5joimL3XD dvcs6TferRXwcb/zCmV7ZSk3EFcDANK8YNBhGX6pPMq9bU0TCl7XSdEC5FW/j19y b8KAmchr0kAlASUyCVyCxGnMWWra8VBzUDAGrUlpCCsYGJo5btFI1mRychFGxORN eI/KoElU5mbC6CngncaAUA1kRI4IGQYB6Q9Rd42t7OjTfBHNVykUypuCya5YDDUG 0iDgmc0OJQ4rcHc2Xd2aKkrRU4DbUqJTbLrVz72gZx5rQtS10BR7HDhPcn56K8vy KpYAu8LctWmsK1gFNI49TBlxS9TOA36XPstmusMXecgcBqLjjqTRZnBsFnPeAIVM yBgO1O/YFZ4Ca1zxBwi8tK0sXJP+HEr7EVqj1huE/XARrlOnLUPnfXR7+fAUU8yV ZY45BXiSEh7DlszrebS0e+CqD7+7vafW+pZ11f9bBNrCTSJrvwWBB+HSck4zkgSo xB103rTYTC3G/cQdr65wSBhlz3K0iafgJd3ZAlWdaDIJsq/kPZJgHzCmIYmOBiKJ c+JtOjTR1qTTVUswWQ0bQbDPqnjBgZ+I+LHpjblJz13QuDE+4WkUlkAI56n2A+ru fSKc5fCD1WQ9KLohNn5Y3qXoj7D37q3PUnHLVpkndTfCkcJvtJ/vHLsqUG9sLccT MH8teQCzHDnIw4PhOo6Is5MlP+mIppxStP5jYVAt7Y938fapC9URQVSuREuGFZAF 1R+Cw1dKxVINYpF4AZwVW5rffT0qdgaw3rFM5ElmvvYMOcCdW4Cq3IjkfiwaP8Xj gDQay2jtD0UgdwILgY+8tiBqHLD+u7CogkjiWEhnQkYfkiPicbhenlnUdxUpb2a/ FWyePKYRDqQQOYCn2VW98kjm+AWZNQcyzAz6qxcldDI3tfZWpuFmaN7+CRiCc7gP ZnjYQDdJ5/wH4xwYNc9kSXaJz+blaTLELWOqTHU2cfsNfmCmq7dZlvYmE7JdVav3 4RsA4g9SJ8jPkCzhhm4Zn+/PCG4SjRIpWalIwWcvTEee2sQesMHkwy7fx6j8vKSw IXmErMVmaR0H5EmjdPdVuiWm3mPEedDp5lgI8bK19l1DKZ0H1Kc2uPEALb4zWOis nRPI8vUyYUSz8UPYMYyBvZi8jSi0BSSqD5oHRa4UoVU8DrhHtBhAhH1zUtLRhaWM pG9Nngq0SZ2G5CTYftrCGVbFotAGra9kh6NWOkr9iFTyQCBqR3nBQPVpRdh+jNo4 Ci95DpK34txNrOC41+9nMjeN+Zrl7qeCGmBaKM2wGuqpx39bdd7wyaZldrrnmnNu mFPqyf+w5iUs79qJQQh5UZb6eOh5Iq8R5D8vDzjfRhC7ctrgLEunIo2HnYlCoWSx xQUJVzBck+Ly1mP+xeWEqlJc4ddeC3PUbqFu5zysutch6ulqpT6wCMQtLIALMlzh AxJcuIBCR3XmiZNgE6OgUcjJQrUPbtdR8VAIdbuIXEjvLLmsqRHdySEESDSNZddC 0jrdeczqQmGCheXetCSmF7FW4i97pWyo8Lq3eoDXr7HgaoAiNR/0FksvURNw7KGr PkhI5qXI =c9cL -----END PGP SIGNATURE-----
