exim4 4.96-3ubuntu1.1 source package in Ubuntu

Changelog

exim4 (4.96-3ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: use after free in regex handler
    - debian/patches/CVE-2022-3559-1.patch: properly clear references in
      src/exim.c, src/expand.c, src/functions.h, src/globals.c,
      src/regex.c, src/smtp_in.c.
    - debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/regex.c.
    - debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
      src/smtp_in.c.
    - debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
      in src/expand.c.
    - CVE-2022-3559

 -- Marc Deslauriers <email address hidden>  Wed, 23 Nov 2022 10:48:18 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Kinetic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
mail
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Kinetic security main mail

Downloads

File Size SHA-256 Checksum
exim4_4.96.orig.tar.xz 1.8 MiB 299a56927b2eb3477daafd3c5bda02bc67e5c4e5898a7aeaf2740875278cf1a3
exim4_4.96.orig.tar.xz.asc 508 bytes 9d868dbe6ef823dd563371dc0aadbe58475cd6e42ac8998bfb2b922db3f0fdd0
exim4_4.96-3ubuntu1.1.debian.tar.xz 464.1 KiB b3c0e1565135a289573129e24eacf72a4a7e9256f0b0a22e99c651e26ea2b8cd
exim4_4.96-3ubuntu1.1.dsc 2.9 KiB 78dc3a3b17ef75833592ad919d9aa843192a56d092c4768319d65c12969299d9

View changes file

Binary packages built by this source

exim4: metapackage to ease Exim MTA (v4) installation

 Exim (v4) is a mail transport agent. exim4 is the metapackage depending
 on the essential components for a basic exim4 installation.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base: support files for all Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. exim4-base provides the support
 files needed by all exim4 daemon packages. You need an additional package
 containing the main executable. The available packages are:
 .
  exim4-daemon-light
  exim4-daemon-heavy
 .
 If you build exim4 from the source package locally, you can also
 build an exim4-daemon-custom package tailored to your own feature set.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base-dbgsym: debug symbols for exim4-base
exim4-config: configuration for the Exim MTA (v4)

 Exim (v4) is a mail transport agent. exim4-config provides the configuration
 for the exim4 daemon packages. The configuration framework has been split
 off the main package to allow sites to replace the configuration scheme
 with their own without having to change the actual exim4 packages.
 .
 Sites with special configuration needs (having a lot of identically
 configured machines for example) can use this to distribute their own
 custom configuration via the packaging system, using the magic
 available with dpkg's conffile handling, without having to do local
 changes on all of these machines.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy: Exim MTA (v4) daemon with extended features, including exiscan-acl

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with extended features. In addition to the features already
 supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
 sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
 embedded Perl interpreter, and the content scanning extension
 (formerly known as "exiscan-acl") for integration of virus scanners
 and spamassassin.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy-dbgsym: debug symbols for exim4-daemon-heavy
exim4-daemon-light: lightweight Exim MTA (v4) daemon

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with only basic features enabled. It works well with the
 standard setups that are provided by Debian and includes support for
 TLS encryption and the dlopen patch to allow dynamic loading of a
 local_scan function.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-light-dbgsym: debug symbols for exim4-daemon-light
exim4-dev: header files for the Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. This package contains header
 files that can be used to compile code that is then dynamically linked
 to exim's local_scan interface.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

eximon4: monitor application for the Exim MTA (v4) (X11 interface)

 Eximon is a helper program for the Exim MTA (v4). It allows
 administrators to view the mail queue and logs, and perform a variety
 of actions on queued messages, such as freezing, bouncing and thawing
 messages.

eximon4-dbgsym: debug symbols for eximon4