Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a2a182d by Sylvain Beucler at 2024-03-11T12:07:53+01:00
Revert "Removed sendmail from dla-needed since there is no CVE marked as need for a fix for buster."

This reverts commit f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb.

Rationale:
- SMTP Smuggling (CVE-2023-51765) had significant impact
- SMTP Smuggling was fixed in e.g. Postfix and Exim
- Sendmail is sponsored for LTS
- Preliminary LTS work was done
- CVE-2023-51765 is still not triaged for sendmail/buster

Consequently it's hard to explain why we would not attempt to fix it.

In this case, I believe LTS should make an effort to fix sendmail for all dists,
rather than follow secteam's initial triage.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -220,6 +220,15 @@ ruby-rack (Adrian Bunk)
 samba
   NOTE: 20230918: Added by Front-Desk (apo)
 --
+sendmail
+  NOTE: 20231224: Added by Front-Desk (ta)
+  NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not 
publish patches (CVE-2023-51765)
+  NOTE: 20240217: Patch extracted and being reviewed (rouca)
+  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
+  NOTE: 20240311: Re-added to dla-needed.txt; while secteam tagged it no-dsa 
in later dists,
+  NOTE: 20240311: I believe we should fix this sponsored package, like postfix 
and exim, in all dists,
+  NOTE: 20240311: please coordinate with the package maintainer to help make 
this happen. (Beuc/front-desk)
+--
 shim
   NOTE: 20240306: Added by Front-Desk (opal)
 --
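
Review bot: The re-added "sendmail" header line names no claimant, unlike "ruby-rack (Adrian Bunk)" in the hunk header, yet the 20240213 and 20240217 notes record rouca extracting and reviewing a patch for CVE-2023-51765. It would help to add a note saying whether that work is still with rouca or open for someone else to take, and where the extracted patch can be found, so the extraction is not repeated. The three 20240311 NOTE lines also form one sentence split across entries with the attribution only on the last; keeping the "(Beuc/front-desk)" tag on a self-contained note would make the entry easier to read when lines are filtered by date or author.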



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2a182dc53f0632ecd32108c91c071bdad76289
