Format: 1.8
Date: Tue, 04 May 2021 11:03:02 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source amd64 all
Version: 4.89-2+deb9u8
Distribution: stretch-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 exim4 - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg - debugging symbols for the Exim MTA (utilities)
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.89-2+deb9u8) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix several security vulnerabilities reported by Qualys and add related
     robustness improvements. (Originally fixed in upstream release 4.94.3 and
     in upstream GIT branch exim-4.92.3+fixes. (Special thanks to Heiko)
     + CVE-2020-28007: Link attack in Exim's log directory
     + CVE-2020-28008: Assorted attacks in Exim's spool directory
     + CVE-2020-28009: Integer overflow in get_stdinput()
     + CVE-2020-28011: Heap buffer overflow in queue_run()
     + CVE-2020-28012: Missing close-on-exec flag for privileged pipe
     + CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
     + CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation,
       clobbering, and deletion.
     + CVE-2020-28015 and CVE-2020-28021: New-line injection into spool
       header file.
     + CVE-2020-28017: Integer overflow in receive_add_recipient()
     + CVE-2020-28019: Failure to reset function pointer after BDAT error
     + CVE-2020-28020: More checks on header line length during reception
     + CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
     + CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
     + CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
     + CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
     + CVE-2020-28026: Line truncation and injection in spool_read_header()