Control: tag -1 confirmed On Fri, Jun 14, 2024 at 03:00:46PM +0100, Dale Richards wrote: > [ Reason ] > This update resolves two security vulnerabilities present in > the version of python-aiosmtpd in Bullseye (1.2.2-1): > > * CVE-2024-27305 - SMTP smuggling due to poor handling of > non-standard line endings (Bug: #1066820) > * CVE-2024-34083 - STARTTLS unencrypted command injection > (Bug: #1072119)
Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1