summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog19
1 files changed, 19 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 8a5db3f..c6c8749 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+postfix (3.4.23-0+deb10u2) buster-security; urgency=medium
+
+ [Bastien Roucariès]
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Allow to build with kernel from backport
+
+ [Wietse Venema]
+
+ * Fix CVE-2023-51764: Postfix allowed SMTP smuggling
+ unless configured with
+ smtpd_data_restrictions=reject_unauth_pipelining and
+ smtpd_discard_ehlo_keywords=chunking.
+ Remote attackers can use a published exploitation technique
+ to inject e-mail messages with a spoofed MAIL FROM address,
+ allowing bypass of an SPF protection mechanism.
+
+ -- Bastien Roucariès <rouca@debian.org> Sun, 28 Jan 2024 13:40:18 +0000
+
postfix (3.4.23-0+deb10u1) buster; urgency=medium
[Scott Kitterman]