For bionic (6.0.3p1-1build1) and eoan (6.0.3p1-6), you'll want to cherry-pick the following two commits from debian/buster branch from the opensmtpd git packaging repo in Debian:
2483c1fceb8225a89e93901e9b5d182d576ac488 8cfa5131f89b8d454b65d152d98dfb863e00295a https://salsa.debian.org/debian/opensmtpd/tree/debian/buster I'm attaching these two commits as patches. ** Patch added: "0001-Fix-potential-denial-of-service-attack-018_smtpd_tls.patch" https://bugs.launchpad.net/debian/+source/opensmtpd/+bug/1861242/+attachment/5323905/+files/0001-Fix-potential-denial-of-service-attack-018_smtpd_tls.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861242 Title: Major vulnerabilities in opensmtpd resulting in RCE and DOS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensmtpd/+bug/1861242/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
