-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Feb 2020 12:27:57 -0500 Source: opensmtpd Architecture: source Version: 6.6.4p1-1~bpo10+1 Distribution: buster-backports Urgency: high Maintainer: Ryan Kavanagh <rak@debian.org> Changed-By: Ryan Kavanagh <rak@debian.org> Closes: 952453 Changes: opensmtpd (6.6.4p1-1~bpo10+1) buster-backports; urgency=high . * Rebuild for buster-backports. * Fixes major security bug (Closes: #952453). . opensmtpd (6.6.4p1-1) unstable; urgency=high . * New upstream release fixes critical security bug (Closes: #952453). Quoting from OpenBSD errata: . An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. . Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. . * Update copyright file with new copyright holders * Remove stale entries from Uploaders field Checksums-Sha1: 88f96ee0b9cee36f9e36c8651b7c5c370da72463 3052 opensmtpd_6.6.4p1-1~bpo10+1.dsc 1763a76308c1645be036a6803d16d0e85241496f 790754 opensmtpd_6.6.4p1.orig.tar.gz 6c79bc9ada29c39a5043bdaee3825783a654a785 26336 opensmtpd_6.6.4p1-1~bpo10+1.debian.tar.xz 69eb05de73198c35e69918af9d8b1d815390011a 8561 opensmtpd_6.6.4p1-1~bpo10+1_source.buildinfo Checksums-Sha256: 63cb8889a5b10f562990e5e33f2e6b9d8182d3c5028b3eeb5db511867da07f48 3052 opensmtpd_6.6.4p1-1~bpo10+1.dsc e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf 790754 opensmtpd_6.6.4p1.orig.tar.gz ae942358bae406f9b13cef094fc5c5d177058d5edd86be8048deeff924bcdf5f 26336 opensmtpd_6.6.4p1-1~bpo10+1.debian.tar.xz 7b0f65bf8e7163580c256649f46ffb05cbcbf78d4cbdd99347faafb4f2ed1e9d 8561 opensmtpd_6.6.4p1-1~bpo10+1_source.buildinfo Files: 619122f7b5effb92d2a9925aa8aa0cea 3052 mail optional opensmtpd_6.6.4p1-1~bpo10+1.dsc 4744943277f9a6dc942e7560dbdb5643 790754 mail optional opensmtpd_6.6.4p1.orig.tar.gz 9a675d640eb96443ce657d15819790f2 26336 mail optional opensmtpd_6.6.4p1-1~bpo10+1.debian.tar.xz dbba88b43153ee47b62bee48b56517ee 8561 mail optional opensmtpd_6.6.4p1-1~bpo10+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQVDBAEBCgAtFiEETkaVGe1ndzQmj72Vj3v4/EoRyXoFAl5UCo8PHHJha0BkZWJp YW4ub3JnAAoJEI97+PxKEcl68F0n/1vlFShA9VRD4tQ3Os/JQoTbrFlxuC4eFEcI T+l2fiGZJRW1iQ+QSMlWUA+Q8zXSQEgf6IQCP8ZJQqQwh/UZJyyB6ZBeG72z6WX+ GH8Nuv0tupXEGxtlyvT/QWLhfdTDCiKjKGYhp+ANOobsWCbJGsgL4Venu145BbbS CmIBwDSNsQl25qoYtgVrzHEoaI6m6aVOlEWHXXrQXob0mt21nUkUB5vf6PQtlVLE wULUKU+xrLGuUJq+Pp4cAh2RTwCeNhrWnFKlohdJTTgaw/O9EVRajK1oNK8nVzjb 6X7KlkCtp7MIQE0BlZOHFFfd0BTJGdDWmGez+KIgIN4UWwPXcA01WCrJpa1ofRa9 DYoA3N8Mnh0I7nIgsWsWXjy51QfNl6yKmicej87ETFRsHEQ/nJIgZs3OeXtEBATs bYaLgy7zvE1HJUsI8v2dDyGM9AAmcjUFibeHQz4coMt4jAOcvg/21cdMonWYKLc6 /tIIH9TE5OiyBvM84FJSXwJJWNL7VR6tGhrSwV0D6n8JMM/XpaefRBQr/zFSuhwu SHLm8124jvCvlnR8BCH7BIaeBC5kOWOGB7Q9bV65vl906tWa+YQ3wRkAITcNu+AF f/LK/IpmB6toZw0k9UBD/nahAwwzQFWRiFlJDuOC7ZSgbtNHFnZjV5R03ZyALV3r FKkMUhWUQP9t1E7drUoCBHZ6fP52ZzCuf8Nk9RflFcLPWmHkMfPC2pMRrYlJ47Yb lemN+n4eU77nYq054eRiEjeShEdKca7BP//hWZfzI/Zs2Kl+rOuff7R9XRgiZijy tfphVVwATS5quo4D0FB5v/ucMGW6wRg3X+adnZGwrJ9iZ/A+2VKWvOrywUwCvVzd BUccbGjgE+Wwowiim1Q+GIHjiymX7CpCOraOb1zhPXrZ+b1NEopJ45xsIV6V/DA9 09bD1SwNXKNs5TXYqFmGcNsKREflpALASWd/w9xIRHBg45Yc6w2QTkg0txDaS3PI KuDWN9uQfNk4S2TesF1wkFYDSgCWAL/evphXnXhmZRM1pm4OsgCYZiozF+kyUvbm 68xSYuccnb6D0NGTv6BrAAb9NRiV8Z2pG/Lda2/l9hLFlVHd/19QLiWFcLT5Nru3 qH3kcngqLHnydsp00lSJYh0ck3xjJwmCX252tnoXlVLDQDa/Tl18/1c+WUhGfxtj 5tUyWWlCwOShgsJzEgwgUeCjfWB7td2sdxJESioh8CYdWfPgul+JuKblwjoAUMb7 V+aL5cHkW3OW0PEAuUMyB1y4TM74x7egyGpkVzyXRzIqgDFnD9fxYyidSGv2B8X7 lNTcktTv0b5z4lFp37VOHqW3EC5CgIJeUfxQs7MQq4bv3efF9ouYMCc3svqxMOoI HxN03tzB9QNsY09823ge6pQ5kUblaCajKASQdfr7LMrQtu84NKihPKRUTHVCEXr3 immq266NoygCCMmVoADgllkKeCYsttsD4CoDWyoNVaqXAsn9zb4gN3BWPXe9onXx wC8Uj1uIPHIwi037nEYFYmN3+/t3C+SGXBRkaEKEkQGuw+KfoUE8ahlGq2TZdiBT /8CW3WU2/3Cxxb8x1N2KcHVQVxz9GGUiHNzQm8l/o6KcKSMfazMTq51+ZKrgAX/k pf19h/e5yWWB4PBKDVZGcydg3+QkQxQjluuIvjIxJWa8b3S0J20ocxLKAwGHPZ7Y FqXQ1BM1 =p4nb -----END PGP SIGNATURE-----
