lp:ubuntu/dapper-security/postfix
- Get this branch:
- bzr branch lp:ubuntu/dapper-security/postfix
Branch merges
Branch information
Recent revisions
- 17. By Marc Deslauriers
-
* SECURITY UPDATE: SASL memory corruption
- debian/patches/ CVE-2011- 1720.dpatch: don't reuse the SASL handle
after auth failure in src/smtpd/smtpd_sasl_ proto.c.
- CVE-2011-1720 - 16. By Marc Deslauriers
-
* SECURITY UPDATE: man-in-the-middle via plaintext command injection
- debian/patches/ CVE-2011- 0411.dpatch: Discard the contents of the
stream buffer so there is no pending plaintext in
src/smtp/smtp_ proto.c, src/smtpd/smtpd.c. Backport vstream_fpurge()
in src/util/vstream.*.
- CVE-2011-0411
* SECURITY UPDATE: symlink attack via incorrect pid dir permissions
- debian/postfix. postinst: create pid dir with appropriate permissions.
- CVE-2009-2939 - 15. By LaMont Jones
-
[Wietse Venema]
* SECURITY UPDATE: processes running as group mail could escalate
privileges to the root user
* modify src/util/safe_open. c
* CVE-2008-2936[LaMont Jones]
* Backport sane_basename from 2.3 as part of the patch for CVE-2008-2936
* Added: src/util/sane_basename. {c,in,ref} - 14. By Martin Pitt
-
* SECURITY UPDATE: Potential SQL injection in some client encodings.
* Add debian/patches/ 10pgsql- escape. dpatch:
- src/global/dict_pgsql. c, dict_pgsql_quote(): Use '' instead of \' for
escaping '.
* CVE-2006-2314 - 9. By LaMont Jones
-
ifup/down need to deal with /var not being writable (by exiting).
Closes: launchpad.net/29925 - 8. By LaMont Jones
-
* postfix startup issues. Closes: #348645
* copy /dev/random and /dev/urandom into the chroot for ldaps.
Closes: #348835.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/postfix