lp:ubuntu/lucid-updates/exim4
- Get this branch:
- bzr branch lp:ubuntu/lucid-updates/exim4
Recent revisions
- 36. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via dns decode logic
- debian/patches/CVE-2012-5671.patch: adjust max length and validate
against it in src/pdkim/pdkim.h, src/dkim.c.
- CVE-2012-5671
- 35. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via DKIM identities
- debian/patches/86_CVE-2011-1407.patch: don't use match_isinlist() for
simple string list matching in src/receive.c.
- CVE-2011-1407
- 34. By Felix Geyer
-
* SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764
- 33. By Marc Deslauriers
-
* SECURITY UPDATE: local privilege escalation via alternate config file
(LP: #697934)
- debian/patches/80_CVE-2010-4345.patch: backport massive behaviour-altering
changes from upstream git to fix issue.
- debian/patches/81_CVE-2010-4345-docs.patch: backport documentation
changes.
- debian/patches/67_unnecessaryCopt.dpatch: Do not use exim's -C option
in utility scripts. This would not work with ALT_CONFIG_PREFIX.
Patch obtained from Debian's 4.69-9+lenny2.
- Build with WHITELIST_D_MACROS=OUTGOING. After this security update,
exim will not regain root privileges (usually necessary for local
delivery) if the -D option was used. Macro identifiers listed in
WHITELIST_D_MACROS are exempted from this restriction. mailscanner
(4.79.11-2.2) uses -DOUTGOING.
- Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. After this
security update, exim will not re-gain root privileges (usually
necessary for local delivery) if the -C option was used. This makes
it impossible to start a fully functional daemon with an alternate
configuration file. /etc/exim4/trusted_configs (can) contain a list
of filenames (one per line, full path given) to which this
restriction does not apply.
- debian/exim4-daemon-*.NEWS: Add description of changes. Thanks to
Debian and Andreas Metzler for the text.
- CVE-2010-4345
* SECURITY UPDATE: arbitrary file append via symlink attack (LP: #708023)
- debian/patches/82_CVE-2011-0017.patch: check setuid and setgid return
codes in src/exim.c, src/log.c.
- CVE-2011-0017
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via hard link to another user's file (LP: #609620)
- debian/patches/CVE-2010-2023.patch: check for links in
src/transports/appendfile.c.
- CVE-2010-2023
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via symlink on a lock file (LP: #609620)
- debian/patches/CVE-2010-2024.patch: improve lock file handling in
src/exim_lock.c, src/transports/appendfile.c.
- CVE-2010-2024
* debian/rules: disable debconf-updatepo so the security update doesn't
alter translations.
- 32. By Michael Bienia
-
* Merge with Debian unstable (lp: #501657). Remaining changes:
+ debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch:
Improve handling of broken messages when "exim4 -bp" (mailq) reports
lines without size info.
+ Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be
the default.
+ debian/control: Change build dependencies to MySQL 5.1.
+ debian/{control, rules}: add and enable hardened build for PIE
(Debian bug 542726).
- 29. By Steve Langasek
-
Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be
the default.
- 28. By Thierry Carrez
-
* Merge from debian unstable (LP: #375923), remaining changes:
- debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch:
Improve handling of broken messages when "exim4 -bp" (mailq) reports
lines without size info
- 27. By Dustin Kirkland
-
[ Daniel van Eeden <email address hidden> ]
debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch:
Improve handling of broken messages when "exim4 -bp" (mailq) reports lines
w/o size info, LP: #18194
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/exim4