Your message dated Mon, 03 Nov 2025 21:36:13 +0000
with message-id <[email protected]>
and subject line Bug#1119840: fixed in opensmtpd 7.8.0p0-1
has caused the Debian Bug report #1119840,
regarding opensmtpd: CVE-2025-62875
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119840
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opensmtpd
Version: 7.7.0p0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for opensmtpd.
CVE-2025-62875[0]:
| Denial-of-Service via UNIX Domain Socket
Note that as mentioned in the SUSE report[1], 270e23a6eb upstream
(7.7.0p0) made major changes to the message parsing code including the
call to fatal(), but it is not excluded that earlier versions are
affected by (a variant of this issue) as well. I have marked the issue
as no-dsa for older releases, that is trixie and bookworm.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-62875
https://www.cve.org/CVERecord?id=CVE-2025-62875
[1] https://www.openwall.com/lists/oss-security/2025/10/31/3
[2]
https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opensmtpd
Source-Version: 7.8.0p0-1
Done: Ryan Kavanagh <[email protected]>
We believe that the bug you reported is fixed in the latest version of
opensmtpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Kavanagh <[email protected]> (supplier of updated opensmtpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 03 Nov 2025 15:53:08 -0500
Source: opensmtpd
Architecture: source
Version: 7.8.0p0-1
Distribution: unstable
Urgency: medium
Maintainer: Ryan Kavanagh <[email protected]>
Changed-By: Ryan Kavanagh <[email protected]>
Closes: 1106765 1119840
Changes:
opensmtpd (7.8.0p0-1) unstable; urgency=medium
.
[ Ryan Kavanagh ]
* New upstream release
+ Fixes CVE-2025-62875 (Closes: #1119840)
.
[ Carles Pina i Estany ]
* Added po-debconf Catalan translation (Closes: #1106765)
Checksums-Sha1:
85e03007a4e44c57f0fe0845e6f201519431552a 1964 opensmtpd_7.8.0p0-1.dsc
9ff00a5997e7c5f6869e082b02b2b65d2a0112c2 744995 opensmtpd_7.8.0p0.orig.tar.gz
63e889ecaa3c8baaa6f7e2a50f0d25ff4188f5bf 24892
opensmtpd_7.8.0p0-1.debian.tar.xz
46f85ec110d4ace50826ada0e2ca63c6f506ea73 6153
opensmtpd_7.8.0p0-1_amd64.buildinfo
Checksums-Sha256:
9b1223a7524707dd077022db70a68d3531be319096d638ac23f0fe5966d2b482 1964
opensmtpd_7.8.0p0-1.dsc
4034de2e92c61fa83eedadb1d8d8bdfe65e57eb50ce9679e0140950e34ca4ab7 744995
opensmtpd_7.8.0p0.orig.tar.gz
7b997043bb05067737140372921a8a40d58d29f827acda906dd6b58b63fd21f4 24892
opensmtpd_7.8.0p0-1.debian.tar.xz
c5df5b8f430f6f97eecd99b245fdbab0b6a3f32afe0532d47f3185870d76595f 6153
opensmtpd_7.8.0p0-1_amd64.buildinfo
Files:
811089f154bf9c292e3c88c264a8442c 1964 mail optional opensmtpd_7.8.0p0-1.dsc
718695afdb11322d3ff7354c77b3c110 744995 mail optional
opensmtpd_7.8.0p0.orig.tar.gz
3b17d9262e901d861b75c8981d7e1367 24892 mail optional
opensmtpd_7.8.0p0-1.debian.tar.xz
5eab08030788bf49a67a222845247ca3 6153 mail optional
opensmtpd_7.8.0p0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEP7FHOW9as2zJ9q6CWXuniu1D+jAFAmkJGiEPHHJha0BkZWJp
YW4ub3JnAAoJEFl7p4rtQ/ow6K4P/Rt4vOesUJY9Q06SO8/IctsxYYVjq9nRafTw
QyEOkGCHswH+Pjwj2+uJ1mp2Us5NyOY8iSiiFtL9v+tL0MqlRexFjoyhapkik4vU
gjfAa1zEO9X8MeQzC66RPafp989PHYJRerzlOoDTx+QpLfvHzmfZnN68rXPJaFaO
/PO95Pajgo1KbeaMi1gYGxcHhQVdSHp+983aE+bZdSRe+N5ttnTAu6efPrGMhyp0
UzTVdHN8Mi6DSKy9BbnBlOwu61tqWQjkE46++IIk15JMiGI7fYwers+7MIXULSu4
ySHoeSGWK0b0snDODwzo+R0qR+WwPsUJ9ORUDKGMwLzSQeqJyA7HCjDEE1CezuRt
NuhIw0/SoVjljyIaXz/poJAxtOcml8VSesSc+wUoUN9t6cXZJsh24oGKXiEfVF7B
YutnaSUziTN0+bUtbtaOqEWnGuIsdN++e0GwkSg7SHfoBkoUe49+rK9QMl6QlO3X
IuwT+W5x6F8CZE2yf1YfZd5p3qp5Qw0E9Kfy0/vtOljLr7hwCNT0LN8Vl6N4U4hL
yBpk4Tw6kVBayV8fdpgXkqNd2U2E9oZOVA389CT+LFcq2ZRPFGHDHCfN3gzuy3xh
fkW1f2R+xrV1gPZ7b+OHVYc5faRVfbDFyXOvhf4qqpceQ7CIBv38m4HAzznJCZNI
mzxI4QaN
=dNiF
-----END PGP SIGNATURE-----
pgp51EuxyXtqp.pgp
Description: PGP signature
--- End Message ---
