Control: found -1 5.7.3p2-1

This affects Debian versions since 5.7.3p2 (released upstream 2016-02-02). Quoting from the advisory:

    This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, "when peer outputs a multi-line response ..."), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, "switch smtpd to new grammar"); or as any non-root user, before May 2018.

https://www.openwall.com/lists/oss-security/2020/02/24/5

The other advisory fixed by the patches does not appear to affect Debian because /proc/sys/fs/protected_hardlinks is 1 by default:

https://www.openwall.com/lists/oss-security/2020/02/24/4

-- 
|)|/  Ryan Kavanagh   | GPG: 4E46 9519 ED67 7734 268F
|\|\  https://rak.ac  |      BD95 8F7B F8FC 4A11 C97A