Bug#862652: marked as done (debian-edu-config: wrong exim4 configuration breaks SMTP server security)



Your message dated Mon, 15 May 2017 16:48:44 +0000
with message-id <E1dAJAq-000AH3-9v@fasolo.debian.org>
and subject line Bug#862652: fixed in debian-edu-config 1.927
has caused the Debian Bug report #862652,
regarding debian-edu-config: wrong exim4 configuration breaks SMTP server security
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
862652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862652
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 1.926 1.818+deb8u2
Severity: serious

Hi,

while testing if Thunderbird works as expected in Debian Edu Stretch, 
I noticed that the provided exim4 server configuration 
(/etc/exim4/exim-ldap-server-v4.conf) is leading to a broken SMTP 
server: sending mail is possible w/o authentication, TLS is missing.
Only possible SMTP settings are:
(1) No connection security
(2) No authentication

These issues are caused by exim4 security fix for CVE-2016-1531 and
commit 4beb721 (master branch, fix for #794602).

Jessie is affected as well (both issues, same fixes needed).

Wolfgang



--- End Message ---
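
A check for the two symptoms in the report above (no STARTTLS, no AUTH), added here as an example; it is not part of the bug report or of debian-edu-config. The EHLO transcripts, host names and the `GSSAPI` mechanism shown for the Kerberos case are constructed assumptions.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more follow) or " " (last), then text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}   # mechanisms that send the password itself

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply to EHLO."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        words = m.group(3).split()
        if i > 0 and words:          # line 0 is the greeting, not an extension
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
        if m.group(2) == " ":        # space after the code marks the final line
            break
    return caps

def audit(plain_ehlo, tls_ehlo=None):
    """List findings; tls_ehlo is the EHLO reply seen after STARTTLS, if any."""
    plain = parse_ehlo(plain_ehlo)
    after_tls = parse_ehlo(tls_ehlo) if tls_ehlo else {}
    findings = []
    if "STARTTLS" not in plain:
        findings.append("no-starttls")
    if CLEARTEXT_MECHS & set(plain.get("AUTH", [])):
        findings.append("password-auth-before-tls")
    if "AUTH" not in plain and "AUTH" not in after_tls:
        findings.append("no-auth")
    return findings

# Constructed transcripts (not captured from a real Debian Edu server).
BROKEN = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250 HELP
"""
FIXED_PLAIN = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-STARTTLS
250 HELP
"""
FIXED_TLS = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-AUTH GSSAPI
250 HELP
"""
```

The advertised extensions only show what the server offers; whether unauthenticated submission is actually refused depends on the ACLs and has to be tested separately.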
--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.927

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 862652@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 May 2017 18:15:45 +0200
Source: debian-edu-config
Binary: debian-edu-config
Architecture: source
Version: 1.927
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
 debian-edu-config - Configuration files for Skolelinux systems
Closes: 862652
Changes:
 debian-edu-config (1.927) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * Fix broken exim4 configuration, enable security. (Closes: #862652).
     - Add usr/share/debian-edu-config/tools/exim4-create-cert.
     - Add usr/share/debian-edu-config/tools/exim4-create-environment.
     - Adjust cf/cf.exim to use both scripts.
     - Adjust etc/exim4/exim-ldap-server-v4.conf.
       + Make it work after the exim4 security fix for CVE-2016-1531.
       + Improve security: create certificate to enable TLS, re-enable
         identity check via Kerberos; now only system mail to postmaster
         is enabled unconditionally; see #794602.
   * Fix typo in testsuite/network to use the correct LTSP-Server profile name.
   * Drop ddcprobe and ddccontrol related code from testsuite/hardware.
     - ddcprobe is part of the package xresprobe, not available in stretch.
     - ddccontrol belongs to package ddccontrol (monitor database unmaintained
       since > 10 years) which isn't installed by default.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
