Hi,
On 14-07-2021 22:05, Oxan van Leeuwen wrote:
Hi Tomasz,
Another (low-severity) security update for postsrsd is required (see
#994039).
For bullseye, I've prepared a package in the master branch on Salsa. Can
you upload that to unstable? Given the imminent freeze I've filed a
srsd (1.5-2+deb10u2) UNRELEASED; urgency=medium
+
+ * Fix CVE-2021-35525: potential DoS when Postfix sends certain long data
+fields such as multiple concatenated email addresses. Fix backported from
+upstream commit 077be98d8c8. (Closes: #990439)
+
+ -- Oxan van Leeuwen Wed, 14 Jul 2021 2
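Review bot: The "Closes: #990439" in the CVE-2021-35525 changelog entry does not match the bug number cited in the mail text earlier on this page (#994039). The two differ only by transposed digits, so one of them is probably a typo. Confirm which report actually tracks CVE-2021-35525 and correct the other before upload, because a wrong Closes: number would close an unrelated bug and leave the security bug open in the tracker.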
)
+
+ -- Oxan van Leeuwen Wed, 14 Jul 2021 21:21:11 +0200
+
+postsrsd (1.10-1) unstable; urgency=medium
* New upstream release (Closes: #975633)
* Drop patches integrated upstream
diff -Nru
postsrsd-1.10/debian/patches/0002-SECURITY-Fix-DoS-on-overly-long-input-from-Postfix.patch
postsrsd-1.10
Hi,
On 30-01-2021 21:27, Salvatore Bonaccorso wrote:
I noticed that today there was an upload to security-master for it.
Given our previous discussion, was this an oversight? I just have
rejected the package, could you please upload it for the upcoming
point release instead to ftp-master?
Ah,
0-35573: Ensure timestamp tags aren't too long before trying to
+decode them, to protect against a potential denial-of-service attack
+(backported from upstream commit 4733fb1).
+
+ -- Oxan van Leeuwen Sat, 19 Dec 2020 01:36:37 +0100
+
postsrsd (1.5-2) unstable; urgency=medium
* Increase