Source: opensmtpd
Version: 7.7.0p0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for opensmtpd.

CVE-2025-62875[0]:
| Denial-of-Service via UNIX Domain Socket

Note that as mentioned in the SUSE report[1], 270e23a6eb upstream (7.7.0p0) made major changes to the message parsing code including the call to fatal(), but it is not excluded that earlier versions are affected by (a variant of this issue) as well. I have marked the issue as no-dsa for older releases, that is trixie and bookworm.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-62875
    https://www.cve.org/CVERecord?id=CVE-2025-62875
[1] https://www.openwall.com/lists/oss-security/2025/10/31/3
[2] https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510

Regards,
Salvatore

