Bug#1059386: marked as done (sendmail: CVE-2023-51765)
Your message dated Mon, 15 Jan 2024 13:05:25 + with message-id and subject line Bug#1059386: fixed in sendmail 8.18.0.2-1 has caused the Debian Bug report #1059386, regarding sendmail: CVE-2023-51765 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1059386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059386 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: sendmail Version: 8.17.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sendmail. CVE-2023-51765[0]: | sendmail through at least 8.14.7 allows SMTP smuggling in certain | configurations. Remote attackers can use a published exploitation | technique to inject e-mail messages that appear to originate from | the sendmail server, allowing bypass of an SPF protection mechanism. | This occurs because sendmail supports . but some other | popular e-mail servers do not. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-51765 https://www.cve.org/CVERecord?id=CVE-2023-51765 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: sendmail Source-Version: 8.18.0.2-1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of sendmail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1059...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated sendmail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Jan 2024 13:35:18 +0100 Source: sendmail Architecture: source Version: 8.18.0.2-1 Distribution: experimental Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1039365 1059386 Changes: sendmail (8.18.0.2-1) experimental; urgency=medium . * QA upload. * New upstream snapshot. * Refresh patches. * Enable _FFR_REQ_CRLF and _FFR_BARE_LF. (Closes: #1059386) * Add systemd unit (calling /etc/init.d/sendmail). (Closes: #1039365) * Refresh upstream signing keys. * salsa-ci: Use --vary=domain_host.use_sudo=1. * Upload to experimental. Checksums-Sha1: b850c87238b5358775e051df915ad1681cb178dc 2842 sendmail_8.18.0.2-1.dsc 395596225b12e6cd86ef2ece796710c8ab3b4d55 2330539 sendmail_8.18.0.2.orig.tar.gz e2f6bfaf287b834677dba2c8d2e008e4a7792777 801 sendmail_8.18.0.2.orig.tar.gz.asc c0268176a5e7ace96c99bfbad728fbc8fb539e6c 247836 sendmail_8.18.0.2-1.debian.tar.xz e74c4e1327353103eb016f3855f0a2a4bbb45e65 6414 sendmail_8.18.0.2-1_source.buildinfo Checksums-Sha256: bf3396aac18a3c9085db7325aa1c5d98e71d791b11cfc4128713ea28d7ff571a 2842 sendmail_8.18.0.2-1.dsc b8f64c67f94dc6ff0f65498636f8f90b794e58ded15a05650a98115167b60773 2330539 sendmail_8.18.0.2.orig.tar.gz c0e6b1eb0aac0b0d906db16f042c2bbee7dbc9a906e559a4257ec29fb2208f18 801 sendmail_8.18.0.2.orig.tar.gz.asc c6063c0e0d139e20a4f86161d7f492d52475c0cfb49f19697c22bcb9929cc563 247836 sendmail_8.18.0.2-1.debian.tar.xz e7dd8085ca23a47cad20b60c1a940883eb9150906062a40cde552a8889368086 6414 sendmail_8.18.0.2-1_source.buildinfo Files: 25da333f494a69e2b80d567d5a938f39 2842 mail optional sendmail_8.18.0.2-1.dsc e1e8892ea4c50c8107302e97fb2a3c80 2330539 mail optional sendmail_8.18.0.2.orig.tar.gz 940e0cea2371608de2cde41e9fa44ede 801 mail optional sendmail_8.18.0.2.orig.tar.gz.asc 7333ac0e3cd4db353e4ef20106938e41 247836 mail optional sendmail_8.18.0.2-1.debian.tar.xz 485cc359c43150b794fc91edc9bfc677 6414 mail optional sendmail_8.18.0.2-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmWlKF4QHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCDTUD/0e1OHXB3YErJ5jZ3hgsOJxp2dD2en5sCHK oG3s2lT4jFZB+I0LgP+xU3gZO3vzWg49nkQ0HUEuHTBpoL32BDVDMpgM3ZGFKVJL 235SCAtwRxQFFhShXSw+aac5UV9mx3YNxGkFTbtKCWapRS4ijdRBkDxTu/FakLaV Zl2UnR3uJhWSVnBx+g9sKySlIMIxMBns2SldkYwRbQ6T4FyKey56ORYtsuAKNyj2 VpCC9SEQtTuU
Processing of sendmail_8.18.0.2-1_source.changes
sendmail_8.18.0.2-1_source.changes uploaded successfully to localhost along with the files: sendmail_8.18.0.2-1.dsc sendmail_8.18.0.2.orig.tar.gz sendmail_8.18.0.2.orig.tar.gz.asc sendmail_8.18.0.2-1.debian.tar.xz sendmail_8.18.0.2-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
sendmail_8.18.0.2-1_source.changes ACCEPTED into experimental
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Jan 2024 13:35:18 +0100 Source: sendmail Architecture: source Version: 8.18.0.2-1 Distribution: experimental Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1039365 1059386 Changes: sendmail (8.18.0.2-1) experimental; urgency=medium . * QA upload. * New upstream snapshot. * Refresh patches. * Enable _FFR_REQ_CRLF and _FFR_BARE_LF. (Closes: #1059386) * Add systemd unit (calling /etc/init.d/sendmail). (Closes: #1039365) * Refresh upstream signing keys. * salsa-ci: Use --vary=domain_host.use_sudo=1. * Upload to experimental. Checksums-Sha1: b850c87238b5358775e051df915ad1681cb178dc 2842 sendmail_8.18.0.2-1.dsc 395596225b12e6cd86ef2ece796710c8ab3b4d55 2330539 sendmail_8.18.0.2.orig.tar.gz e2f6bfaf287b834677dba2c8d2e008e4a7792777 801 sendmail_8.18.0.2.orig.tar.gz.asc c0268176a5e7ace96c99bfbad728fbc8fb539e6c 247836 sendmail_8.18.0.2-1.debian.tar.xz e74c4e1327353103eb016f3855f0a2a4bbb45e65 6414 sendmail_8.18.0.2-1_source.buildinfo Checksums-Sha256: bf3396aac18a3c9085db7325aa1c5d98e71d791b11cfc4128713ea28d7ff571a 2842 sendmail_8.18.0.2-1.dsc b8f64c67f94dc6ff0f65498636f8f90b794e58ded15a05650a98115167b60773 2330539 sendmail_8.18.0.2.orig.tar.gz c0e6b1eb0aac0b0d906db16f042c2bbee7dbc9a906e559a4257ec29fb2208f18 801 sendmail_8.18.0.2.orig.tar.gz.asc c6063c0e0d139e20a4f86161d7f492d52475c0cfb49f19697c22bcb9929cc563 247836 sendmail_8.18.0.2-1.debian.tar.xz e7dd8085ca23a47cad20b60c1a940883eb9150906062a40cde552a8889368086 6414 sendmail_8.18.0.2-1_source.buildinfo Files: 25da333f494a69e2b80d567d5a938f39 2842 mail optional sendmail_8.18.0.2-1.dsc e1e8892ea4c50c8107302e97fb2a3c80 2330539 mail optional sendmail_8.18.0.2.orig.tar.gz 940e0cea2371608de2cde41e9fa44ede 801 mail optional sendmail_8.18.0.2.orig.tar.gz.asc 7333ac0e3cd4db353e4ef20106938e41 247836 mail optional sendmail_8.18.0.2-1.debian.tar.xz 485cc359c43150b794fc91edc9bfc677 6414 mail optional sendmail_8.18.0.2-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmWlKF4QHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCDTUD/0e1OHXB3YErJ5jZ3hgsOJxp2dD2en5sCHK oG3s2lT4jFZB+I0LgP+xU3gZO3vzWg49nkQ0HUEuHTBpoL32BDVDMpgM3ZGFKVJL 235SCAtwRxQFFhShXSw+aac5UV9mx3YNxGkFTbtKCWapRS4ijdRBkDxTu/FakLaV Zl2UnR3uJhWSVnBx+g9sKySlIMIxMBns2SldkYwRbQ6T4FyKey56ORYtsuAKNyj2 VpCC9SEQtTuU2Rp32ZDxDy7KFuQHo1/uw0tqyG9Lp+4MgbckIIPPBEbrgU1tivuW Uw0+/PTADWbMJ8x/PKuf6iUt/Env9yMn1E+4/D4G11TN4lolTmpPGl3x+OnNJrIw hDszavuOiI94gQY0mzuA7MiIU2A8XDcD810KoikFW+WV9OS6lqyyaCGEnwei908f 96YInlEwLRIMoLIP+NxNsGDEoLQz2aIaIw6uqQzcj5YxyTorTgg+Q9sGgbKMvleK yACu38M3r5u+JqFp1xVfEQdF6BM4PWmCZ3JfN/PpUcRuvFrdSzsT5sc6VnsSrx6+ c7owGSrxcjy7ATpkoC1gjzLJxWkOH3RRGkENs+VEjmDEVHRbtT93zbCPXgdizqXm lN0+gV0wJ5z9RYfLUK/IAk20UNbIZUXy38fkYMCvKWoXaZ8h1c0GSypo9ME/3BMU OSjLwd1u7A== =j+Py -END PGP SIGNATURE-
Bug#1039365: marked as done (sendmail: ships sysv-init script without systemd unit)
Your message dated Mon, 15 Jan 2024 13:05:25 + with message-id and subject line Bug#1039365: fixed in sendmail 8.18.0.2-1 has caused the Debian Bug report #1039365, regarding sendmail: ships sysv-init script without systemd unit to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1039365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sendmail Severity: important User: bl...@debian.org Usertags: missing-systemd-service Dear Maintainer(s), sendmail has been flagged by Lintian as shipping a sysv-init script without a corresponding systemd unit file. The default init system in Debian is systemd, and so far this worked because a transitional sysv-init-to-unit generator was shipped by systemd. This is in the process of being deprecated and will be removed by the time Trixie ships, so the remaining packages that ship init scripts without systemd units will stop working. There are various advantages to using native units, for example the legacy generator cannot tell the different between a oneshot service and a long running daemon. Also, sanboxing and security features become available for services. For more information, consult the systemd documentation: https://www.freedesktop.org/software/systemd/man/systemd.unit.html You can find the Lintian warning here: https://lintian.debian.org/sources/sendmail In case this is a false positive, please add a Lintian override to silence it and then close this bug. Thanks! --- End Message --- --- Begin Message --- Source: sendmail Source-Version: 8.18.0.2-1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of sendmail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1039...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated sendmail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Jan 2024 13:35:18 +0100 Source: sendmail Architecture: source Version: 8.18.0.2-1 Distribution: experimental Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1039365 1059386 Changes: sendmail (8.18.0.2-1) experimental; urgency=medium . * QA upload. * New upstream snapshot. * Refresh patches. * Enable _FFR_REQ_CRLF and _FFR_BARE_LF. (Closes: #1059386) * Add systemd unit (calling /etc/init.d/sendmail). (Closes: #1039365) * Refresh upstream signing keys. * salsa-ci: Use --vary=domain_host.use_sudo=1. * Upload to experimental. Checksums-Sha1: b850c87238b5358775e051df915ad1681cb178dc 2842 sendmail_8.18.0.2-1.dsc 395596225b12e6cd86ef2ece796710c8ab3b4d55 2330539 sendmail_8.18.0.2.orig.tar.gz e2f6bfaf287b834677dba2c8d2e008e4a7792777 801 sendmail_8.18.0.2.orig.tar.gz.asc c0268176a5e7ace96c99bfbad728fbc8fb539e6c 247836 sendmail_8.18.0.2-1.debian.tar.xz e74c4e1327353103eb016f3855f0a2a4bbb45e65 6414 sendmail_8.18.0.2-1_source.buildinfo Checksums-Sha256: bf3396aac18a3c9085db7325aa1c5d98e71d791b11cfc4128713ea28d7ff571a 2842 sendmail_8.18.0.2-1.dsc b8f64c67f94dc6ff0f65498636f8f90b794e58ded15a05650a98115167b60773 2330539 sendmail_8.18.0.2.orig.tar.gz c0e6b1eb0aac0b0d906db16f042c2bbee7dbc9a906e559a4257ec29fb2208f18 801 sendmail_8.18.0.2.orig.tar.gz.asc c6063c0e0d139e20a4f86161d7f492d52475c0cfb49f19697c22bcb9929cc563 247836 sendmail_8.18.0.2-1.debian.tar.xz e7dd8085ca23a47cad20b60c1a940883eb9150906062a40cde552a8889368086 6414 sendmail_8.18.0.2-1_source.buildinfo Files: 25da333f494a69e2b80d567d5a938f39 2842 mail optional sendmail_8.18.0.2-1.dsc e1e8892ea4c50c8107302e97fb2a3c80 2330539 mail optional sendmail_8.18.0.2.orig.tar.gz 940e0cea2371608de2cde41e9fa44ede 801 mail optional sendmail_8.18.0.2.orig.tar.gz.asc 7333ac0e3cd4db353e4ef20106938e41 247836 mail optional sendmail_8.18.0.2-1.debian.tar.xz 485cc359c43150b794fc91edc9bfc677 6414 mail optional sendmail_8.18.0.2-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmWlKF4QHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCDTUD/0e1OHXB3YErJ5jZ3hgsOJxp2dD2en5sCHK oG3s2lT4jFZB+
Bug#1060855: RM: nxcl -- RoQA; orphaned; dead upstream
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: n...@packages.debian.org, alexandre.deti...@gmail.com Control: affects -1 + src:nxcl Please remove nxcl from the archive. It is orphaned since 2014 and dead upstream. It also has a very low popcon, so it is most probably unused. With nx-libs, there is a maintained alternative. Am 15.01.24 um 12:14 schrieb Alexandre Detiste: $ apt rdepends libnxcl1 libnxcl1 Reverse Depends: Depends: libnxcl-dev (= 0.9-3.1+b1) Depends: libnxcl-bin https://qa.debian.org/popcon.php?package=nxcl
Processing of poco_1.11.0-4_source.changes
poco_1.11.0-4_source.changes uploaded successfully to localhost along with the files: poco_1.11.0-4.dsc poco_1.11.0.orig.tar.bz2 poco_1.11.0-4.debian.tar.xz poco_1.11.0-4_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
