UbuntuUpdates.org

Package "postfix-doc"

Name: postfix-doc

Description:

Documentation for Postfix
Latest version: 3.8.1-2ubuntu0.2
Release: mantic (23.10)
Level: security
Repository: main
Head package: postfix
Homepage: https://www.postfix.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "postfix-doc"

All arch deb package
APT INSTALL

Other versions of "postfix-doc" in Mantic

Repository Area Version
base main 3.8.1-2
updates main 3.8.1-2ubuntu0.2

Changelog

Version: 3.8.1-2ubuntu0.2 2024-01-31 10:10:55 UTC

  postfix (3.8.1-2ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
      risks of regression. Introduced
      "smtpd_forbid_bare_newline = normalize".
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Tue, 30 Jan 2024 15:39:43 +0800
Source diff to previous version
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c

Version: 3.8.1-2ubuntu0.1 2024-01-22 12:07:34 UTC

  postfix (3.8.1-2ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764.patch: introduced
      `smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
      the Postfix SMTP server disconnects a remote SMTP client that
      sends a line ending in a 'bare newline'.
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Fri, 19 Jan 2024 12:30:34 +0000
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c


About   -   Send Feedback to @ubuntu_updates