Package: opensmtpd
Version: 6.6.1p1-5~bpo10+1
Severity: critical
Tags: security upstream
Justification: root security hole

Dear Maintainer,

Opensmtpd 6.6.1 has 2 critical vulnerabilities, including one that results in a remote root arbitrary code execution; see https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages opensmtpd depends on:
ii  adduser                  3.118
ii  debconf [debconf-2.0]    1.5.71
ii  ed                       1.15-1
ii  init-system-helpers      1.56+nmu1
ii  libasr0                  1.0.2-2
ii  libc6                    2.28-10
ii  libdb5.3                 5.3.28+dfsg1-0.5
ii  libevent-2.1-6           2.1.8-stable-4
ii  libpam0g                 1.3.1-5
ii  libssl1.1                1.1.1d-0+deb10u2
ii  lsb-base                 10.2019051400
ii  zlib1g                   1:1.2.11.dfsg-1

Versions of packages opensmtpd recommends:
ii  opensmtpd-extras         6.6.0-1~bpo10+1

Versions of packages opensmtpd suggests:
ii  ca-certificates          20190110

-- Configuration Files:
/etc/smtpd.conf changed [not included]

-- debconf information excluded