sendmail (8.12.3-7.2) oldstable-security; urgency=high * Non-maintainer upload by the Security Team * Backported upstream patch to fix remote command execution [debian/patches/8.12/8.12.3/z_CVE-2006-0058.patch, VU#834865] -- Martin Schulze Wed, 22 Mar 2006 23:24:46 +0100 sendmail (8.12.3-7.1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected the patch to not use default settings for the sasldb [debian/local/update_auth.in, CAN-2004-0833] -- Martin Schulze Mon, 13 Sep 2004 09:07:18 +0200 sendmail (8.12.3-7) stable-security; urgency=high * Don't update sasldb with default settings (thanks Hugo) CAN-2004-0833 -- Richard A Nelson (Rick) Mon, 06 Sep 2004 12:00:00 -0000 sendmail (8.12.3-6.6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix vulnerability in ruleset parsing [debian/patches/8.12/8.12.3/CAN-2003-0681.patch] -- Matt Zimmerman Wed, 17 Sep 2003 14:34:02 -0400 sendmail (8.12.3-6.5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix vulnerability in parseaddr() which could be used to overwrite memory [debian/patches/8.12/8.12.3/CAN-2003-0694.patch] -- Matt Zimmerman Tue, 16 Sep 2003 16:28:18 -0400 sendmail (8.12.3-6.4) stable-security; urgency=low * Non-maintainer upload by the Security Team * Create temporary files securely Report and patches from Paul Szabo [debian/checksendmail/checksendmail.perl, contrib/doublebounce.pl, contrib/expn.pl] (Closes: #173243) * Configure with --enable-bind=no and remove build-dep on bind-dev. Linking with libbind broke LDAP support in 8.12.3-5 (Closes: #183434) [debian/rules, debian/build/rules.in] -- Matt Zimmerman Thu, 24 Apr 2003 13:02:08 -0400 sendmail (8.12.3-6.3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected the patch to fix a potentially remotely exploitable bug. -- Martin Schulze Fri, 4 Apr 2003 15:39:21 +0200 sendmail (8.12.3-6.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fixed a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable found by Michal Zalewski. (VU#897604 CA-2003-12 CAN-2003-0161, debian/patches/8.12/8.12.3/security.parsaddr) * Force no optimization for arm - buggy compiler... -- Martin Schulze Tue, 1 Apr 2003 20:58:30 +0200 sendmail (8.12.3-5) stable-security; urgency=urgent * Finally, bring a working, installable (and removable) sendmail to Woody !!! * !!! A remote buffer overflow is squashed via upstream fix !!! * The following GRAVE bugs are fixed + sendmailconfig sets sm_path incorrectly (fixed in sid, but not woody) + sendmail_8.12.3-4 cannot install from scratch + sendmailconfig silly checks + sendmailconfig no longer works (due to update_conf location) Closes: #146331, #150179, #153908, #158445 * The following Serious Policy Violations + sendmail preinst does not check for /etc/cron.d Closes: #154702 * The following Important problems + Lots of syslog messages regarding SSL after upgrade, reinstall fails Closes: #158751 * The following Normal problems + sendmailconfig assumes incorrectly location of loadable modules + sendmail: package sendmail can't be removed/replaced + not having STARTTLS configured spams messages to the logs + sendmail: Installation fails to create SSL certificates + sendmail issues in Woody Closes: #160612, #162997, #170625, #169527, #171085, #171407 * Included (at no additional charge) + Fix for numeric ids (got several mails on this - HESIOD problem) + Several upstream patches for MX, MSP, SMRSH and improved DNS handling that cleans up potential DOS issues -- Richard A Nelson (Rick) Tue, 21 Jan 2003 12:00:00 -0500 /* vim:set ai et tw=80 */