Control: tag -1 confirmed On Fri, Jun 14, 2024 at 02:01:36PM +0100, Dale Richards wrote: > [ Reason ] > This update resolves two security vulnerabilities present in > the version of python-aiosmtpd in Bookworm (1.4.3-1.1): > > * CVE-2024-27305 - SMTP smuggling due to poor handling of > non-standard line endings (Bug: #1066820) > * CVE-2024-34083 - STARTTLS unencrypted command injection > (Bug: #1072119) > > These have both been deemed unworthy of a DSA, but the > Security Team have suggested we update this package for the > next Bookworm point release.
Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
