[SECURITY] [DLA 3829-2] sendmail regression update

To: <[email protected]>
Subject: [SECURITY] [DLA 3829-2] sendmail regression update
From: [email protected]
Date: Thu, 20 Jun 2024 07:44:42 +0000
Message-id: <[🔎] [email protected]>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3829-2                [email protected]
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
June 20, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sendmail
Version        : 8.15.2-14~deb10u3

Fixing CVE-2023-51765 (smtp smuggling) requires to reject
email that include NUL bytes, in some configuration.

Previous security version of sendmail, by default, does not
reject email that include NUL bytes.

For Debian 10 buster, this problem has been fixed in version
8.15.2-14~deb10u3.

We recommend that you upgrade your sendmail packages.

For the detailed security status of sendmail please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sendmail

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZz3ekRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9JYA//bY4CXCXuiIgKak/BOfJJLMh2fO5UrKkh
g127VyVckW3MKFN/xLQZBgb+OhojMX5jIBx36KeLPvkZyNJ1uf9eDzQCEpxFsNup
bjbvlTcHnqFFRRtn6aH9kjpexGAkcAaOI1tJOMJheJsaVUy3WVrq600WY2v+uDWi
2relFCslVhwrV75NA9vhq72u/PcXpIj+xAPoa4+LEUf7mqdSCsAp4mjXxcsmnibu
UPDFN3Gk8yYwSS9IfNgjSyxMMxI0ipDWQbQGBmGvQxIuR+QSyrxHkF4lzq1ZyL9A
+rsF0lptw0DzITzbxAUglrcx5Su4BItzYqww0HqoGQAIr1Q5KWgVBVvy+NtQpyNP
iHDZaGt8yg6SqqD+rHDAy60Q3H+x462qkAh7vik6OKah+69jIoGowUgJ+AAupLYK
sulkhRAlt5PUZ8DfQoXEPrw2Lw7WDxp4Y4OlRTNLXYmR6AioTRKqo251ET+oOzUs
YaOd0C+QuGwmBk9QgRi4XLFF82marW0CYwtv/8UATAfemTZyNBXb4c3ZuNH5X5cu
1atzsrBavJqm9bot1kebUgP3DDQ3v6aORKhKEWaV5Le2FrG96gFxX264j/VF7IhV
dZG2y5T4vWgcUp84M1+xQN3nk3sNz2ols8q4hLZrlVUey6KdXeCnFWhAq6kPOsro
vFtpRmtFkEs=
=a6Ae
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3838-1] composer security update
Next by Date: [SECURITY] [DLA 3839-1] putty security update
Previous by thread: [SECURITY] [DLA 3838-1] composer security update
Next by thread: [SECURITY] [DLA 3839-1] putty security update
Index(es):
- Date
- Thread