Sunday, May 02, 2021

Re: [embargoed security update] mail/exim -> 4.94.2

Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/exim/Makefile,v
retrieving revision 1.133
diff -u -p -r1.133 Makefile
--- Makefile 27 Mar 2021 13:49:13 -0000 1.133
+++ Makefile 2 May 2021 08:47:29 -0000
@@ -3,14 +3,11 @@
COMMENT-main = flexible mail transfer agent
COMMENT-eximon = X11 monitor tool for Exim MTA

-VERSION = 4.94
+VERSION = 4.94.2
DISTNAME = exim-${VERSION}
PKGNAME-main = exim-${VERSION}
FULLPKGNAME-eximon = exim-eximon-${VERSION}
FULLPKGPATH-eximon = ${PKGPATH},-eximon
-
-REVISION = 0
-REVISION-main = 1

CATEGORIES = mail

Index: distinfo
===================================================================
RCS file: /cvs/ports/mail/exim/distinfo,v
retrieving revision 1.41
diff -u -p -r1.41 distinfo
--- distinfo 2 Jun 2020 12:44:19 -0000 1.41
+++ distinfo 2 May 2021 08:47:29 -0000
@@ -1,2 +1,2 @@
-SHA256 (exim-4.94.tar.gz) = X+Rdm8+mfZR9cHr8MWzTbFMUcPaLJAk0Ia26Sq+BC9k=
-SIZE (exim-4.94.tar.gz) = 2515734
+SHA256 (exim-4.94.2.tar.gz) = OpHNalQTyICEKlhIOW00wu5/l+XDONmOXV+xO2r/KjA=
+SIZE (exim-4.94.2.tar.gz) = 2528512
Hi,

There was a problem in exim 4.94.1, so there is now 4.94.2 which solves
the issue. Embargo dates are the same.

Best Regards

On 28/04/2021 08:53, Renaud Allard wrote:
> Hello,
>
> Here is an diff to update exim to 4.94.1. This is a very important
> security update.
>
> Unfortunately, this update is embargoed so that "distro" package
> maintainers have the time to publish the packages. This means the source
> tar.gz is not available before 2021-05-04 13:30 UTC. I don't know how we
> could provide packages for -stable before the tar is published. I can
> build them for 6.8, but I can't sign them or build for 6.9 yet.
>
> It solves the following CVE:
>
> - CVE-2020-28007
> - CVE-2020-28008
> - CVE-2020-28009
> - CVE-2020-28010
> - CVE-2020-28011
> - CVE-2020-28012
> - CVE-2020-28013
> - CVE-2020-28014
> - CVE-2020-28015
> - CVE-2020-28016
> - CVE-2020-28017
> - CVE-2020-28018
> - CVE-2020-28019
> - CVE-2020-28020
> - CVE-2020-28021
> - CVE-2020-28022
> - CVE-2020-28023
> - CVE-2020-28024
> - CVE-2020-28025
> - CVE-2020-28026
> - CVE-2021-27216
>
> Best Regards

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)