Ubuntu
postfix package

  1. Bug #2049337
  2. Comment #2

Comment 2 for bug 2049337

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postfix - 3.6.4-1ubuntu1.2

---------------
postfix (3.6.4-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764.patch: introduced
      `smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
       the Postfix SMTP server disconnects a remote SMTP client that
       sends a line ending in a 'bare newline'.
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Tue, 16 Jan 2024 15:11:43 +0000