exim4 4.82-3ubuntu2.1 source package in Ubuntu

Changelog

exim4 (4.82-3ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via crafted lookup value
    - debian/patches/CVE-2014-2972.patch: only expand integers for integer
      math once.
    - CVE-2014-2972
  * SECURITY UPDATE: privilege escalation when used with perl_startup
    - debian/patches/CVE-2016-1531.patch: add new add_environment and
      keep_environment configuration options.
    - debian/patches/CVE-2016-1531-2.patch: don't issue env warning if env
      is empty.
    - debian/patches/CVE-2016-1531-3.patch: store the initial working
      directory, expand $initial_cwd.
    - debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened
      the main config.
    - Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the
      new options. Set "keep_environment =" by default to avoid a runtime
      warning.
    - Bump exim4-config Breaks to exim4-daemon-* (<< 4.82-3ubuntu2.1).
    - debian/exim4-config.NEWS: Add entry to warn of potential breakage.
    - CVE-2016-1531
  * WARNING: This update may break existing installations.

 -- Marc Deslauriers <email address hidden>  Mon, 14 Mar 2016 12:57:00 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
mail
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
exim4_4.82.orig.tar.bz2 1.6 MiB 46dedfb6ced2aa4a1eddc5d8ce46a790a961508bd389faa2e215302ae80d91cf
exim4_4.82-3ubuntu2.1.debian.tar.gz 583.7 KiB 72a62e63e159bae5f41391e8345c5723f3fcb64a8f66b2ebbbdc4aa899571d4e
exim4_4.82-3ubuntu2.1.dsc 2.9 KiB 5817c5b7ffc57712ef76ed01db96fc8a040b3a77871ad5e01fa875d7b7fa4885

View changes file

Binary packages built by this source

exim4: metapackage to ease Exim MTA (v4) installation

 Exim (v4) is a mail transport agent. exim4 is the metapackage depending
 on the essential components for a basic exim4 installation.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base: support files for all Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. exim4-base provides the support
 files needed by all exim4 daemon packages. You need an additional package
 containing the main executable. The available packages are:
 .
  exim4-daemon-light
  exim4-daemon-heavy
 .
 If you build exim4 from the source package locally, you can also
 build an exim4-daemon-custom package tailored to your own feature set.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-base-dbgsym: debug symbols for package exim4-base

 Exim (v4) is a mail transport agent. exim4-base provides the support
 files needed by all exim4 daemon packages. You need an additional package
 containing the main executable. The available packages are:
 .
  exim4-daemon-light
  exim4-daemon-heavy
 .
 If you build exim4 from the source package locally, you can also
 build an exim4-daemon-custom package tailored to your own feature set.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-config: configuration for the Exim MTA (v4)

 Exim (v4) is a mail transport agent. exim4-config provides the configuration
 for the exim4 daemon packages. The configuration framework has been split
 off the main package to allow sites to replace the configuration scheme
 with their own without having to change the actual exim4 packages.
 .
 Sites with special configuration needs (having a lot of identically
 configured machines for example) can use this to distribute their own
 custom configuration via the packaging system, using the magic
 available with dpkg's conffile handling, without having to do local
 changes on all of these machines.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy: Exim MTA (v4) daemon with extended features, including exiscan-acl

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with extended features. In addition to the features already
 supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
 sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
 embedded Perl interpreter, and the content scanning extension
 (formerly known as "exiscan-acl") for integration of virus scanners
 and spamassassin.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy-dbg: debugging symbols for the Exim MTA "heavy" daemon

 Exim (v4) is a mail transport agent. This package contains
 debugging symbols for the binaries contained in the
 exim4-daemon-heavy package.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-heavy-dbgsym: debug symbols for package exim4-daemon-heavy

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with extended features. In addition to the features already
 supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
 sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
 embedded Perl interpreter, and the content scanning extension
 (formerly known as "exiscan-acl") for integration of virus scanners
 and spamassassin.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-light: lightweight Exim MTA (v4) daemon

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with only basic features enabled. It works well with the
 standard setups that are provided by Debian and includes support for
 TLS encryption and the dlopen patch to allow dynamic loading of a
 local_scan function.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-light-dbg: debugging symbols for the Exim MTA "light" daemon

 Exim (v4) is a mail transport agent. This package contains
 debugging symbols for the binaries contained in the
 exim4-daemon-light package.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-daemon-light-dbgsym: debug symbols for package exim4-daemon-light

 Exim (v4) is a mail transport agent. This package contains the exim4
 daemon with only basic features enabled. It works well with the
 standard setups that are provided by Debian and includes support for
 TLS encryption and the dlopen patch to allow dynamic loading of a
 local_scan function.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-dbg: debugging symbols for the Exim MTA (utilities)

 Exim (v4) is a mail transport agent. This package contains
 debugging symbols for the binaries contained in the exim4
 packages. The daemon packages have their own debug package.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

exim4-dev: header files for the Exim MTA (v4) packages

 Exim (v4) is a mail transport agent. This package contains header
 files that can be used to compile code that is then dynamically linked
 to exim's local_scan interface.
 .
 The Debian exim4 packages have their own web page,
 http://wiki.debian.org/PkgExim4. There is also a Debian-specific
 FAQ list. Information about the way the Debian packages are
 configured can be found in
 /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
 information about the way the Debian binary packages are built. The
 very extensive upstream documentation is shipped in
 /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
 configuration process in a standard setup, invoke dpkg-reconfigure
 exim4-config. There is a Debian-centered mailing list,
 pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
 questions there, and only write to the upstream exim-users mailing
 list if you are sure that your question is not Debian-specific. You
 can find the subscription web page on
 http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

eximon4: monitor application for the Exim MTA (v4) (X11 interface)

 Eximon is a helper program for the Exim MTA (v4). It allows
 administrators to view the mail queue and logs, and perform a variety
 of actions on queued messages, such as freezing, bouncing and thawing
 messages.

eximon4-dbgsym: debug symbols for package eximon4

 Eximon is a helper program for the Exim MTA (v4). It allows
 administrators to view the mail queue and logs, and perform a variety
 of actions on queued messages, such as freezing, bouncing and thawing
 messages.