[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted exim4 4.84.2-1 (source amd64 all) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Mar 2016 08:17:40 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source amd64 all
Version: 4.84.2-1
Distribution: jessie-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg  - debugging symbols for the Exim MTA (utilities)
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.84.2-1) jessie-security; urgency=high
 .
   * New upstream security release.
     + Fix CVE-2016-1531, a local privilege escalation issue when perl_startup
       is used.
     + New options keep_environment/add_environment which are empty by default,
       i.e. any subprocesses start in a clean (empty) environment.
     + -C requires an absolute path.
     + Exim changes it's working directory to / right after startup.
   * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
     options. Set "keep_environment =" by default to avoid a runtime warning.
     Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2).
   * 89_01_only_warn_on_nonempty_environment.diff,
     89_02_Store-the-initial-working-directory.diff: Upstream followups on the
     CVE fix (Thanks, Heiko Schlittermann!):
     + Runtime warning is only generated if (and only if) keep_environment
       is unset and environment is nonempty.
     + Store the initial working directory and make it available in the new
       expansion variable $initial_cwd.
   * Add NEWS entry to warn of potential breakage.
Checksums-Sha1:
 fecdea5723ed93e1dd4b3447b499f20f0fbaad22 2785 exim4_4.84.2-1.dsc
 a5c3c684a16e65e401cf70fb051a61007ea3db4e 1745970 exim4_4.84.2.orig.tar.bz2
 d5c80e91d58c43da1cb7eb0facf7024cef7f391f 422272 exim4_4.84.2-1.debian.tar.xz
 d52f7426d10c51dfb0d863761c47c79261e7d22f 1048472 exim4-base_4.84.2-1_amd64.deb
 e013ea2164b8c0fc63fc600abee846cee6036beb 216662 eximon4_4.84.2-1_amd64.deb
 9faa5b3fe8a21a10058351a981395313b1ea8311 630380 exim4-daemon-light_4.84.2-1_amd64.deb
 c64926975979b4a90d8ceae618fd2e6292b01ffa 679184 exim4-daemon-heavy_4.84.2-1_amd64.deb
 e0e966e777770cdb47f3866269a1ba372efa4272 807266 exim4-daemon-light-dbg_4.84.2-1_amd64.deb
 097526f2d0655c5d16ab7a46509cd5d1a55e1fba 901728 exim4-daemon-heavy-dbg_4.84.2-1_amd64.deb
 c92c77a2ffb21ac1e5568da81ec6e708dbb8d807 337224 exim4-dbg_4.84.2-1_amd64.deb
 01c3e77299b1327f450e258a1d90e1da1fcc041f 185758 exim4-dev_4.84.2-1_amd64.deb
 4223cad50e0b96974a0c72ee18150015229697a6 501248 exim4-config_4.84.2-1_all.deb
 0ac26ecbbdc9dcb661b76b25e6b053077383cf90 8530 exim4_4.84.2-1_all.deb
Checksums-Sha256:
 c0f4c2b8c004747a7174082a35d402da04446af88190574872b96773929690cb 2785 exim4_4.84.2-1.dsc
 eb082aedf9349a29e25120e53f9e67a7ca6c4a6dad579c1425da1e131599bf52 1745970 exim4_4.84.2.orig.tar.bz2
 de0ebb7564e25c9ef30396528aaa977aa8f7ca7b60bc46995cd991fa19ec4913 422272 exim4_4.84.2-1.debian.tar.xz
 d494d56c5a2044fe50bdbb03caee6dc4eeddd671be6f3b056ec97ff8a65a2b43 1048472 exim4-base_4.84.2-1_amd64.deb
 8c50c5bbd28680cfd322a9f87fd4fd8f281c622381de0c4ba990805fc6667b8a 216662 eximon4_4.84.2-1_amd64.deb
 ffad494523263437b67f654a310b1c2576ebe67e39dedf0ab97b4901cd6d5213 630380 exim4-daemon-light_4.84.2-1_amd64.deb
 01fff4934ce820bf3764094c7e0291da5e26611ab44a723d83eea7bc5b76ebe3 679184 exim4-daemon-heavy_4.84.2-1_amd64.deb
 158879a0395e5a60745f195b83884eb6d5382e2ba8b3ee2c0a5044022b7f27a5 807266 exim4-daemon-light-dbg_4.84.2-1_amd64.deb
 eb4c2f6a4cba302389a9f53f6f4b99826c7132265fcbd9d437c20a95587d4494 901728 exim4-daemon-heavy-dbg_4.84.2-1_amd64.deb
 881a0944b4e40cd0e699c27d96c6f61f9418bae72a255b256d44bfbf9ced66b3 337224 exim4-dbg_4.84.2-1_amd64.deb
 d56f6099b2c7e3c3dc68d6d45c2068bcd743bb8039ecf9aa134d2249d8fc3ee3 185758 exim4-dev_4.84.2-1_amd64.deb
 412a30aaec786d4103be209aec5ff3680ed13dbbb4f18003af829a271fbee43f 501248 exim4-config_4.84.2-1_all.deb
 8e9b5c4f076e4e8d75e02331cefa872420b4c0f177f5374c014433292bf8ba31 8530 exim4_4.84.2-1_all.deb
Files:
 7f8d401b0b589de873330e95447501f4 2785 mail standard exim4_4.84.2-1.dsc
 3c3ff9edbc82c8ffe7a4cfff23f6d904 1745970 mail standard exim4_4.84.2.orig.tar.bz2
 406ee619a3720630c1ee51cc7bad5102 422272 mail standard exim4_4.84.2-1.debian.tar.xz
 cb398e06e8df41602ec64c554c4de472 1048472 mail standard exim4-base_4.84.2-1_amd64.deb
 875c34a47c25cfe19b004c2c3a21622e 216662 mail optional eximon4_4.84.2-1_amd64.deb
 d8f35aaf5c0f053f910e076f806e6e57 630380 mail standard exim4-daemon-light_4.84.2-1_amd64.deb
 0931808c0e01705e2b934d1e1401d60a 679184 mail optional exim4-daemon-heavy_4.84.2-1_amd64.deb
 24df5fc3a3194d04a7a7e4c7d3412e04 807266 debug extra exim4-daemon-light-dbg_4.84.2-1_amd64.deb
 cf0775318a8e03e3814737aff2d6b00f 901728 debug extra exim4-daemon-heavy-dbg_4.84.2-1_amd64.deb
 a9593fb046f468b8dac6d6ca47854a75 337224 debug extra exim4-dbg_4.84.2-1_amd64.deb
 2019f91b8150e846fe649874b946ba46 185758 mail extra exim4-dev_4.84.2-1_amd64.deb
 3ececb6f70c6d79b0fc3c2275d14baec 501248 mail standard exim4-config_4.84.2-1_all.deb
 6e20441913a38387376267e5cdcdd383 8530 mail standard exim4_4.84.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJW5bG6AAoJEKVPAYVDghSE+nQP/0Aqg5vEtaGjgWEJ8HwZC6U9
IcofDeCYUrOeqaydMM9tExQh3eCfTRBhM6ANGV/L8j/JUe3+4IJFLqLjApHQwBCG
2BXAkOcf5XojWTR9RKqwuK4BvhiHpqqsTgjQ0rBxUpnB/cfTWZJ7/rjdmiwpuXFe
26/L3CKYuSwIoLWbHKq4aQv81Z7OBP7WLKDtWx004MoYcaTgIKveAoC6FKQc+eDx
VjU7KWd5LI3FO/Sl6vgMO5zxElbgbxEB9v6K4hvG+wdS5BIyTAr8Q7nK13u5k+GE
cN/bjmKwPu3JZZNhY9RNXEl/XvI4T2tbUx+g77/dTrGX7LKTKSoRwBTFH9OmnSZs
V3rgN5H2/3cEzaoth0AfqysGYyw8qKbEMJy+GgDHHVi4Z3L7Y6JOdVF/WInedH2R
BoYL1eRrDw/bCLZW77aky9U6Z4xm/VS6VghUHKyMaNHl5SYhn5S54jqNJLSIWDdm
NrP/Ir7vRp3FiliWEpOU9WrA14XgfC4t9+sDFe7tkZqpWgrhRUaSc0AdH68UC37w
kAlOkl9f/SXlgOD4TsrL9qpBUf5JUxLOq2lq2t/WS+4OyjFCy8Vl6Ovs0NR5zEoy
UTfASqzC5reZwvtSVKDvnZ5FNLC2qzcoLQgqRsBmGXU3xY/Q5Lhk3jHh6fYp8av9
rHccKBMEjnCd1TySmOfp
=E/aQ
-----END PGP SIGNATURE-----


Reply to: