It seems this has stalled. Most distros have already released a patched
version of libspf2. While I agree it's unclear whether the currently
available patch fixes this CVE, it does however fix an underflow that
would be relevant to release as a security fix, I think. Libspf2 has
tried to reach
so, and Debian is lagging behind. This is even more serious
considering exim is the default MTA on Debian, while many other distros
opt for postfix.
Kind regards,
Bert Van de Poel
On 18/10/2023 11:56, Salvatore Bonaccorso wrote:
Hi,
On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel
Package: libspf2-2
Version: 1.2.10-7.1~deb11u1
Severity: critical
Tags: security patch
Justification: root security hole
X-Debbugs-Cc: Debian Security Team
As already outlined on
https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a known
security issue in libspf2 found through
Package: wnpp
Severity: wishlist
Owner: Bert Van de Poel
* Package name : eutl
Version : date based?
Upstream Author : The European Union
* URL : https://ec.europa.eu/digital-single-market/en/eu-trusted-lists
* License : NA
Programming Lang: NA
Description : The European Union Trust List