-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 May 2024 18:44:56 +0000
Source: sendmail
Architecture: source
Version: 8.17.1.9-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1059386 1070190
Changes:
 sendmail (8.17.1.9-2+deb12u1) bookworm; urgency=high
 .
   * QA upload
   * Fix CVE-2023-51765 (Closes: #1059386):
     sendmail allowed SMTP smuggling in certain configurations.
     Remote attackers can use a published exploitation
     technique to inject e-mail messages with a spoofed
     MAIL FROM address, allowing bypass of an SPF protection
     mechanism. This occurs because sendmail supports
     <LF>.<CR><LF> but some other popular e-mail servers
     do not. This is resolved with 'o' in srv_features.
   * Enable _FFR_REJECT_NUL_BYTE for rejecting mail that
     includes a NUL byte.
   * By default, enable rejecting mail that includes a NUL byte.
     Set confREJECT_NUL to 'true' by default.
     Users could disable this by setting confREJECT_NUL to false.
     (Closes: #1070190).
     Close a variant of CVE-2023-51765, aka SMTP smuggling.