On Wed, Feb 12, 2020 at 12:13 Tixy <t...@yxit.co.uk> wrote: > On Wed, 2020-02-12 at 11:53 -0600, Tom Browder wrote: > > I started looking in to use of OpenSMPTD for a mail server and have > > installed it from Debian packages. > > > > In the process of reading a blog article by the current developer I > > discovered the upstream is now at version 6.6.2p1+ after some serious > > security issues were discovered by SSL Labs (Qualys). Note that > > Debian > > 10 is only at version 6.0.3p1! > > Are the security issues you are worried about not already fixed in > Debian's package? To check, you can look at the changelog for the > security update released two weeks ago... > > https://metadata.ftp-master.debian.org/changelogs//main/o/opensmtpd/opensmtpd_6.0.3p1-5+deb10u3_changelog
Tixy, thanks. I did check the latest Deb 10 version but not the change log. I was fooled by the Debian version number which looks like the BSD number which I guess never changes. The change log does show the 6.6 and the vulnerability mentioned which Debian fixed. That is a good lesson for me for the future. -Tom
