Format: 1.8
Date: Mon, 25 Dec 2023 07:50:16 +0100
Source: exim4
Architecture: source
Version: 4.97-3
Distribution: unstable
Urgency: medium
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 1059387
Changes:
 exim4 (4.97-3) unstable; urgency=medium
 .
   * Fixes from upstream GIT master:
     77_01-Reject-dot-LF-as-ending-data-phase.-Bug-3063.patch
     77_02-Use-enum-for-body-data-input-state-machine.patch
     77_03-Reject-dot-LF-as-ending-data-phase-pt.-2-.-Bug-3063.patch
     + Enforce a data synch check before emitting the 354 "go ahead".
       Previously this was only done if a pre-data ACL was configured.
     + Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
       LF-only mode (as detected from the first header line). Previously we
       did accept that in (normal) CRLF mode; this has been raised as a
       possible attack scenario (under the name "smtp smuggling").
       Closes: #1059387 CVE-2023-51766
Checksums-Sha1:
 efbbd99c913bfee9faae73178c66d40f19eb082c 2911 exim4_4.97-3.dsc
 937c4f79150345006725543c0886893714da38b7 473384 exim4_4.97-3.debian.tar.xz
Checksums-Sha256:
 6b96dd15c02b37a991b794a8cca10c40306960a429f81e0e9e01eade1e15b522 2911 exim4_4.97-3.dsc
 f9ae0a29683c13eb946438ca144217099fb3b13f14de22247b3d08d5c9a18f76 473384 exim4_4.97-3.debian.tar.xz
Files:
 1eb914ca7b17ec4bba3f98e2726711ae 2911 mail standard exim4_4.97-3.dsc
 06bc9d31722a2cfa4aefe11b38105887 473384 mail standard exim4_4.97-3.debian.tar.xz
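
The end-of-DATA rule described in the second changelog item, sketched as an added example; this is not Exim's code and not part of the upload. The function name `scan_data`, the result codes and the sample payloads are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not Exim's). */
enum { DATA_INCOMPLETE = 0, DATA_END = 1, DATA_REJECT_BARE_LF_DOT = -1 };

/* Scan a DATA payload for the end-of-data line. The line-ending mode is
 * taken from the first line: CRLF (normal) or LF-only. In CRLF mode a "."
 * line ended by a bare LF is refused instead of ending the message.
 * On DATA_END, *end is the offset just past the terminator. */
int scan_data(const char *buf, size_t len, size_t *end)
{
    int lf_only = -1;                 /* unknown until the first line ends */
    size_t line_start = 0;

    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\n')
            continue;
        int has_cr = (i > line_start && buf[i - 1] == '\r');
        if (lf_only < 0)
            lf_only = !has_cr;        /* decided by the first header line */

        size_t body_len = i - line_start - (has_cr ? 1 : 0);
        if (body_len == 1 && buf[line_start] == '.') {
            if (has_cr || lf_only) {  /* ".CRLF", or ".LF" in LF-only mode */
                *end = i + 1;
                return DATA_END;
            }
            return DATA_REJECT_BARE_LF_DOT;   /* ".LF" in CRLF mode */
        }
        line_start = i + 1;
    }
    return DATA_INCOMPLETE;           /* no terminator seen yet */
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const char *s[] = { "Subject: a\r\n\r\nhi\r\n.\r\n",
                        "Subject: a\r\n\r\nhi\n.\nmore\r\n.\r\n",
                        "Subject: a\n\nhi\n.\n" };
    for (int k = 0; k < 3; k++) {
        size_t end = 0;
        printf("sample %d -> %d\n", k, scan_data(s[k], strlen(s[k]), &end));
    }
    return 0;
}
```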