Source: sendmail
Version: 8.17.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sendmail.

CVE-2023-51765[0]:
| sendmail through at least 8.14.7 allows SMTP smuggling in certain
| configurations. Remote attackers can use a published exploitation
| technique to inject e-mail messages that appear to originate from
| the sendmail server, allowing bypass of an SPF protection mechanism.
| This occurs because sendmail supports <LF>.<CR><LF> but some other
| popular e-mail servers do not.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-51765
    https://www.cve.org/CVERecord?id=CVE-2023-51765

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
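
The parser disagreement named in the CVE text, as an added example that is not part of the original report or of sendmail's code: it compares a strict end-of-data matcher (<CR><LF>.<CR><LF> only) with a lenient one that also accepts <LF>.<CR><LF>, and reports where a DATA stream would be split differently. The function names and the two sample payloads are constructed for illustration.

```python
import re

# End-of-data per RFC 5321 is exactly <CR><LF>.<CR><LF>.
STRICT_EOD = re.compile(rb"\r\n\.\r\n")
# Lenient form described in the CVE text: <LF>.<CR><LF> is also accepted.
LENIENT_EOD = re.compile(rb"\r?\n\.\r\n")
# A dot alone on a line whose preceding line ending is a bare <LF>.
BARE_LF_DOT = re.compile(rb"(?<!\r)\n\.\r\n")


def count_messages(stream: bytes, eod: re.Pattern) -> int:
    """Count how many end-of-data markers a parser using `eod` would see."""
    return len(eod.findall(stream))


def find_bare_lf_terminators(stream: bytes) -> list[int]:
    """Return byte offsets of <LF>.<CR><LF> sequences not preceded by <CR>."""
    return [m.start() for m in BARE_LF_DOT.finditer(stream)]


def is_ambiguous(stream: bytes) -> bool:
    """True when strict and lenient parsers disagree on message boundaries."""
    return count_messages(stream, STRICT_EOD) != count_messages(stream, LENIENT_EOD)


# Constructed sample DATA payloads (not taken from any real capture).
CLEAN = b"Subject: hello\r\n\r\nline one\r\nline two\r\n.\r\n"
SUSPECT = b"Subject: hello\r\n\r\nline one\n.\r\nline two\r\n.\r\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, "ambiguous:", is_ambiguous(sample),
              "offsets:", find_bare_lf_terminators(sample))
```

A relay or test harness can apply the same check to inbound DATA and reject or log any stream for which `find_bare_lf_terminators` returns a non-empty list.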