Re: Upload request: chasquid 1.13-1
On 12/26/2023 8:01 PM IST Alberto Bertogli <albertito@blitiri.com.ar> wrote:
> Hi!
>
> I updated package chasquid to the latest upstream version, 1.13.
>
> https://salsa.debian.org/go-team/packages/chasquid/
>
> Can someone please review the changes and upload?
>
> There are no changes to the Debian package, it is just a merge with upstream's
> new release, and got no new complaints from lintian.
Uploaded, thank you!
> This release includes a fix for a newly discovered SMTP attack (SMTP
> smuggling). Full changelog at
> https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24.
>
> Please let me know if you have any questions or comments!
Would it be possible to backport the SMTP smuggling patch to current chasquid stable version?
IMHO security vulnerabilities like this warrant a p-u[1]
[1]: https://www.debian.org/releases/proposed-updates
Best,
Nilesh
Reply to: