
Re: Install OpenSMTPD from source or use the Debian packages?



On Wed, Feb 12, 2020 at 12:13 Tixy <tixy@yxit.co.uk> wrote:
On Wed, 2020-02-12 at 11:53 -0600, Tom Browder wrote:
> I started looking into use of OpenSMTPD for a mail server and have
> installed it from Debian packages.
>
> In the process of reading a blog article by the current developer I
> discovered the upstream is now at version 6.6.2p1+ after some serious
> security issues were discovered by SSL Labs (Qualys). Note that Debian
> 10 is only at version 6.0.3p1!

Are the security issues you are worried about not already fixed in
Debian's package? To check, you can look at the changelog for the
security update released two weeks ago...
https://metadata.ftp-master.debian.org/changelogs//main/o/opensmtpd/opensmtpd_6.0.3p1-5+deb10u3_changelog

Tixy, thanks. I did check the latest Deb 10 version but not the change log. I was fooled by the Debian version number, which looks like the BSD number, which I guess never changes. The change log does show the 6.6 and the vulnerability mentioned, which Debian fixed.

That is a good lesson for me for the future.

-Tom

