Bug#1073202: bookworm-pu: package python-aiosmtpd/1.4.3-1.1+deb12u1

To: Dale Richards <dale@dalerichards.net>, 1073202@bugs.debian.org
Subject: Bug#1073202: bookworm-pu: package python-aiosmtpd/1.4.3-1.1+deb12u1
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 15 Jun 2024 22:38:00 +0100
Message-id: <[🔎] Zm4JuBJ8Ddevxic2@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1073202@bugs.debian.org
In-reply-to: <[🔎] 171837009609.132048.15443386478324185336.reportbug@melina>
References: <[🔎] 171837009609.132048.15443386478324185336.reportbug@melina> <[🔎] 171837009609.132048.15443386478324185336.reportbug@melina>

Control: tag -1 confirmed

On Fri, Jun 14, 2024 at 02:01:36PM +0100, Dale Richards wrote:
> [ Reason ]
> This update resolves two security vulnerabilities present in
> the version of python-aiosmtpd in Bookworm (1.4.3-1.1):
> 
>   * CVE-2024-27305 - SMTP smuggling due to poor handling of
>     non-standard line endings (Bug: #1066820)
>   * CVE-2024-34083 - STARTTLS unencrypted command injection
>     (Bug: #1072119)
> 
> These have both been deemed unworthy of a DSA, but the
> Security Team have suggested we update this package for the
> next Bookworm point release.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

References:
- Bug#1073202: bookworm-pu: package python-aiosmtpd/1.4.3-1.1+deb12u1
  - From: Dale Richards <dale@dalerichards.net>

Prev by Date: Processed: Re: Bug#1073202: bookworm-pu: package python-aiosmtpd/1.4.3-1.1+deb12u1
Next by Date: Bug#1071267: bookworm-pu: package ipmitool/1.8.19-4
Previous by thread: Processed: Re: Bug#1073202: bookworm-pu: package python-aiosmtpd/1.4.3-1.1+deb12u1
Next by thread: Bug#1073202: python-aiosmtpd 1.4.3-1.1+deb12u1 flagged for acceptance
Index(es):
- Date
- Thread