Bug#1073206: bullseye-pu: package python-aiosmtpd/1.2.2-1+deb11u1

To: Dale Richards <dale@dalerichards.net>, 1073206@bugs.debian.org
Subject: Bug#1073206: bullseye-pu: package python-aiosmtpd/1.2.2-1+deb11u1
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 15 Jun 2024 19:39:10 +0100
Message-id: <[🔎] Zm3fzl0hffQCFxuC@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1073206@bugs.debian.org
In-reply-to: <[🔎] 171837364658.263037.9489051646426685346.reportbug@melina>
References: <[🔎] 171837364658.263037.9489051646426685346.reportbug@melina> <[🔎] 171837364658.263037.9489051646426685346.reportbug@melina>

Control: tag -1 confirmed

On Fri, Jun 14, 2024 at 03:00:46PM +0100, Dale Richards wrote:
> [ Reason ]
> This update resolves two security vulnerabilities present in
> the version of python-aiosmtpd in Bullseye (1.2.2-1):
> 
>   * CVE-2024-27305 - SMTP smuggling due to poor handling of
>     non-standard line endings (Bug: #1066820)
>   * CVE-2024-34083 - STARTTLS unencrypted command injection
>     (Bug: #1072119)

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

References:
- Bug#1073206: bullseye-pu: package python-aiosmtpd/1.2.2-1+deb11u1
  - From: Dale Richards <dale@dalerichards.net>

Prev by Date: Processed: Re: Bug#1073206: bullseye-pu: package python-aiosmtpd/1.2.2-1+deb11u1
Next by Date: Bug#1073231: bullseye-pu: package sendmail/8.15.2-22+deb11u1
Previous by thread: Processed: Re: Bug#1073206: bullseye-pu: package python-aiosmtpd/1.2.2-1+deb11u1
Next by thread: Bug#1073206: python-aiosmtpd 1.2.2-1+deb11u1 flagged for acceptance
Index(es):
- Date
- Thread