Format: 1.8
Date: Sat, 12 Mar 2016 08:17:40 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source amd64 all
Version: 4.84.2-1
Distribution: jessie-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
 exim4 - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg - debugging symbols for the Exim MTA (utilities)
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.84.2-1) jessie-security; urgency=high
 .
   * New upstream security release.
     + Fix CVE-2016-1531, a local privilege escalation issue when
       perl_startup is used.
     + New options keep_environment/add_environment which are empty by
       default, i.e. any subprocesses start in a clean (empty) environment.
     + -C requires an absolute path.
     + Exim changes its working directory to / right after startup.
   * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
     options. Set "keep_environment =" by default to avoid a runtime warning.
     Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2).
   * 89_01_only_warn_on_nonempty_environment.diff,
     89_02_Store-the-initial-working-directory.diff: Upstream followups on
     the CVE fix (Thanks, Heiko Schlittermann!):
     + Runtime warning is only generated if (and only if) keep_environment is
       unset and environment is nonempty.
     + Store the initial working directory and make it available in the new
       expansion variable $initial_cwd.
   * Add NEWS entry to warn of potential breakage.