On 29 December 2023 14:02:24 CET, Jonathan Wiltshire <j...@debian.org> wrote: >----------------------------------------------------------------------- >Debian Stable Updates Announcement SUA 249-1 https://www.debian.org >debian-release@lists.debian.org Scott Kitterman >December 29th, 2023 >----------------------------------------------------------------------- > >Package : postfix >Version : 3.7.9-0+deb12u1 [bookworm] > : 3.5.23-0+deb11u1 [bullseye] >Importance : medium > >Postfix is a high-performance mail transport agent. > >This update consists of recommended upstream bug fixes since the versions >in bullseye and bookworm. In particular, a fix for CVE-2023-51764 (SMTP >smuggling) requires a configuration change to take full effect. > >The configuration change is not done automatically to avoid causing issues >with existing installations. Users should consult the relevant Postfix >documentation [1] before setting "smtpd_forbid_bare_newline = yes" in the >main.cf file. > > 1: https://www.postfix.org/smtp-smuggling.html > > >Upgrade Instructions >-------------------- > >You can get the updated packages by adding the stable-updates archive >for your distribution to your /etc/apt/sources.list: > > deb https://deb.debian.org/debian bookworm-updates main > deb-src https://deb.debian.org/debian bookworm-updates main > > or > > deb https://deb.debian.org/debian bullseye-updates main > deb-src https://deb.debian.org/debian bullseye-updates main > >You can also use any of the Debian archive mirrors. See >https://www.debian.org/mirrors/list for the full list of mirrors. > >For further information about stable-updates, please refer to >https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html > >If you encounter any issues, please don't hesitate to get in touch with >the Debian Release Team at debian-release@lists.debian.org >
