This bug was fixed in the package exim4 - 4.72-1ubuntu1 --------------- exim4 (4.72-1ubuntu1) maverick; urgency=low
* Merge with Debian unstable (LP: #609620). Remaining changes: + debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: Improve handling of broken messages when "exim4 -bp" (mailq) reports lines without size info. + Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be the default. + debian/control: Change build dependencies to MySQL 5.1. + debian/{control,rules}: add and enable hardened build for PIE (Closes: #542726). exim4 (4.72-1) unstable; urgency=low * New upstream release. (Identical to the git snapshot previously uploaded to experimental.) exim4 (4.72~20100529-1) experimental; urgency=low * Git snapshot 20100529. + Fix documentation for exipick -bpra. #574778 + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp. (Debian's default configuration does not use MBX format, but the exim4-daemon-heavy binary supports MBX.) + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory. (Probably not relevant for Debian systems at all, since the mail spool is 2775 root:mail.) + Dovecot authenticator ignores unknown keywords, making it compatible with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0). See Changelog for complete list. * Drop patches included upstream: 36_typoinexipick.diff 20_PDKIM-Upgrade-PolarSSL.diff. exim4 (4.71-4) unstable; urgency=low * Drop unneeded lintian overrides. + description-contains-homepage + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg. + partially-translated-question + maintainer-script-needs-depends-on-update-inetd + possible-bashism-in-maintainer-script + binary-without-manpage + possible-debconf-note-abuse + changelog-not-compressed-with-max-compression * Lintian informational hints: + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5 debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8 * Use dh_lintian. * Fix sourcing of lsb-functions in init-script. Test for existence of /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions. If they are not present the package's dependencies are not installed. Bump dependency on lsb-base to 3.0-6. (log_action_*) * Update reference to spec.txt in README.Debian. Closes: #568051 * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different implementations of spfquery in Debian, with incompatible commandline switches and different exit codes. Closes: #573956 -- Artur Rona <ari-tc...@tlen.pl> Sun, 25 Jul 2010 02:00:42 +0200 ** Changed in: exim4 (Ubuntu) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2023 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2024 -- Merge exim4 4.72-1 (main) from Debian unstable (main) https://bugs.launchpad.net/bugs/609620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs