diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 8a5db3f..c6c8749 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,22 @@ +postfix (3.4.23-0+deb10u2) buster-security; urgency=medium + + [Bastien Roucariès] + + * Non-maintainer upload by the LTS Security Team. + * Allow to build with kernel from backport + + [Wietse Venema] + + * Fix CVE-2023-51764: Postfix allowed SMTP smuggling + unless configured with + smtpd_data_restrictions=reject_unauth_pipelining and + smtpd_discard_ehlo_keywords=chunking. + Remote attackers can use a published exploitation technique + to inject e-mail messages with a spoofed MAIL FROM address, + allowing bypass of an SPF protection mechanism. + + -- Bastien Roucariès <rouca@debian.org> Sun, 28 Jan 2024 13:40:18 +0000 + postfix (3.4.23-0+deb10u1) buster; urgency=medium [Scott Kitterman] |