pool/exim - exim - openSUSE Gitea

pool/exim

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Peter Wullinger	32d22ea744	Accepting request 890519 from home:pwcau:branches:server:mail - update to exim-4.94.2 security update * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool directory * CVE-2020-28014: Arbitrary PID file creation * CVE-2020-28011: Heap buffer overflow in queue_run() * CVE-2020-28010: Heap out-of-bounds write in main() * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() * CVE-2020-28015: New-line injection into spool header file (local) * CVE-2020-28012: Missing close-on-exec flag for privileged pipe * CVE-2020-28009: Integer overflow in get_stdinput() * CVE-2020-28017: Integer overflow in receive_add_recipient() * CVE-2020-28020: Integer overflow in receive_msg() * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() * CVE-2020-28021: New-line injection into spool header file (remote) * CVE-2020-28022: Heap out-of-bounds read and write in extract_option() * CVE-2020-28026: Line truncation and injection in spool_read_header() * CVE-2020-28019: Failure to reset function pointer after BDAT error * CVE-2020-28024: Heap buffer underflow in smtp_ungetc() * CVE-2020-28018: Use-after-free in tls-openssl.c * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() - update to exim-4.94.1 * Fix security issue in BDAT state confusion. Ensure we reset known-good where we know we need to not be reading BDAT data, as a general case fix, and move the places where we switch to BDAT mode until after various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys. * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT) * Fix security issue with too many recipients on a message (to remove a known security problem if someone does set recipients_max to unlimited, or if local additions add to the recipient list). Fixes CVE-2020-RCPTL reported by Qualys. * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase() * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker providing a particularly obnoxious sender full name. * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX better. OBS-URL: https://build.opensuse.org/request/show/890519 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=248	2021-05-05 05:27:16 +00:00

Author

SHA256

Message

Date

Peter Wullinger

32d22ea744

Accepting request 890519 from home:pwcau:branches:server:mail

- update to exim-4.94.2
  security update
  * CVE-2020-28007: Link attack in Exim's log directory
  * CVE-2020-28008: Assorted attacks in Exim's spool directory
  * CVE-2020-28014: Arbitrary PID file creation
  * CVE-2020-28011: Heap buffer overflow in queue_run()
  * CVE-2020-28010: Heap out-of-bounds write in main()
  * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
  * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
  * CVE-2020-28015: New-line injection into spool header file (local)
  * CVE-2020-28012: Missing close-on-exec flag for privileged pipe
  * CVE-2020-28009: Integer overflow in get_stdinput()
  * CVE-2020-28017: Integer overflow in receive_add_recipient()
  * CVE-2020-28020: Integer overflow in receive_msg()
  * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
  * CVE-2020-28021: New-line injection into spool header file (remote)
  * CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
  * CVE-2020-28026: Line truncation and injection in spool_read_header()
  * CVE-2020-28019: Failure to reset function pointer after BDAT error
  * CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
  * CVE-2020-28018: Use-after-free in tls-openssl.c
  * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
- update to exim-4.94.1
  * Fix security issue in BDAT state confusion.
    Ensure we reset known-good where we know we need to not be reading BDAT
    data, as a general case fix, and move the places where we switch to BDAT
    mode until after various protocol state checks.
    Fixes CVE-2020-BDATA reported by Qualys.
  * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
  * Fix security issue with too many recipients on a message (to remove a
    known security problem if someone does set recipients_max to unlimited,
    or if local additions add to the recipient list).
    Fixes CVE-2020-RCPTL reported by Qualys.
  * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
  * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
    providing a particularly obnoxious sender full name.
  * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
    better.

OBS-URL: https://build.opensuse.org/request/show/890519
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=248

2021-05-05 05:27:16 +00:00

1 Commits