Your message dated Mon, 16 Oct 2023 16:49:09 +0000
with message-id <e1qsqmd-006pnp...@fasolo.debian.org>
and subject line Bug#1053310: fixed in exim4 4.97~RC2-2
has caused the Debian Bug report #1053310,
regarding exim4-base: Various severe CVE reports are outstanding
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1053310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: exim4-base
Version: 4.94.2-7
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

There are various CVE reports with a rating of 9.8/10.

CVE-2023-42119
CVE-2023-42118
CVE-2023-42117
CVE-2023-42116
CVE-2023-42115
CVE-2023-42114

It would help if there were a statement by the Debian exim maintainer team
on when updates are expected to arrive.

This would at least help to judge whether I should migrate my systems to postfix or
whether I can wait for a bugfix.




-- Package-specific info:
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-25-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-base depends on:
ii  adduser                        3.118
ii  cron [cron-daemon]             3.0pl1-137
ii  debconf [debconf-2.0]          1.5.77
ii  exim4-config [exim4-config-2]  4.94.2-7
ii  libc6                          2.31-13+deb11u6
ii  libdb5.3                       5.3.28+dfsg1-0.8
ii  lsb-base                       11.1.0
ii  netbase                        6.3
ii  systemd-sysv                   247.3-7+deb11u4

Versions of packages exim4-base recommends:
ii  mailutils [mailx]  1:3.10-3+b1
ii  psmisc             23.4-2

Versions of packages exim4-base suggests:
ii  emacs-gtk [mail-reader]          1:27.1+1-3.1+deb11u2
pn  exim4-doc-html | exim4-doc-info  <none>
pn  eximon4                          <none>
ii  file                             1:5.39-3+deb11u1
ii  mailutils [mail-reader]          1:3.10-3+b1
ii  openssl                          1.1.1n-0+deb11u5
pn  spf-tools-perl                   <none>
pn  swaks                            <none>

-- Configuration Files:
/etc/logrotate.d/exim4-base changed [not included]
/etc/logrotate.d/exim4-paniclog changed [not included]

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: exim4
Source-Version: 4.97~RC2-2
Done: Andreas Metzler <ametz...@debian.org>

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Oct 2023 18:26:40 +0200
Source: exim4
Architecture: source
Version: 4.97~RC2-2
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 1053310
Changes:
 exim4 (4.97~RC2-2) unstable; urgency=high
 .
   * 76_changesfrom_4.96.2.diff: Pull fixes for CVE-2023-42117 and
     CVE-2023-41227 from upstream GIT master. Closes: #1053310
Checksums-Sha1: 
 abf85e45bb905dec050ca2f7b993e5f8c12a6c61 2951 exim4_4.97~RC2-2.dsc
 eda60800413392ec7aee9b96a4e094b06061c82c 474432 exim4_4.97~RC2-2.debian.tar.xz
Checksums-Sha256: 
 0cf75a0bb68fd1819903eb66a57563ebeafce145c458ab0f19761538052c41e3 2951 exim4_4.97~RC2-2.dsc
 23571277b2538c787bdb6b0b6cd5539b2b3b04abcc00778ffd9bf7fae6ed468f 474432 exim4_4.97~RC2-2.debian.tar.xz
Files: 
 ee0bf7242c2150132231a3e70146c6e7 2951 mail standard exim4_4.97~RC2-2.dsc
 bd145cc76f727d45709c96dacc6c64b1 474432 mail standard exim4_4.97~RC2-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
