Control: found -1 5.7.3p2-1

This affects Debian versions since 5.7.3p2 (released upstream 2016-02-02). Quoting from the advisory:
This vulnerability, an out-of-bounds read introduced in December
2015 (commit 80c6a60c, "when peer outputs a multi-line response
..."), is exploitable remotely and leads to the execution of
arbitrary shell commands: either as root, after May 2018 (commit
a8e22235, "switch smtpd to new grammar"); or as any non-root user,
before May 2018.
https://www.openwall.com/lists/oss-security/2020/02/24/5
The other advisory fixed by the patches does not appear to affect
Debian because /proc/sys/fs/protected_hardlinks is 1 by default:
https://www.openwall.com/lists/oss-security/2020/02/24/4
--
|)|/ Ryan Kavanagh | GPG: 4E46 9519 ED67 7734 268F
|\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A

