Thanks for the schooling, jxself. I'm just an end user so I didn't realize
this.
Comparing distro package version numbers to upstream package version numbers
isn't the correct way to determine if a security vulnerability exists within
distro packages like this. Assuming that a program contains a security
problem they are commonly fixed by backporting only the actual
From to the link you posted:
"The patch arrived in OpenSMTPD 6.6.2 (6.6.2p1 if you are using the so-called
Portable source code intended for use on operating systems other that OpenBSD
itself)."
In Trisquel 8.0 LTS Fildas, the latest version is 5.7.3p2-1 amd64, according
to my apt
"using"? Trisquel has a number of MTAs available for people to use, including
OpenSMTPD but also Postix and Exim and...
One of my security news feeds just happened to mention a bug in OpenSMTPD:
https://nakedsecurity.sophos.com/2020/01/31/serious-security-how-special-case-code-blew-a-hole-in-opensmtpd/
As I'm getting all manner of unsolicited nasty-looking emails because of
past anti-spam activity, I wonder if I
