New Debian amavisd-new 1:2.11.0-6.1+deb10u1A~5.0.9.202501071113 fixes: This update addresses the following issue: 1:2.11.0-6.1+deb10u1 (Thu, 26 Dec 2024 18:00:55 +0100) * Non-maintainer upload by the ELTS Security Team. * CVE-2024-28054: Amavis, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. * Add Salsa CI configuration.
--- mirror/ftp/pool/main/a/amavisd-new/amavisd-new_2.11.0-6.1A~5.0.0.202203011949.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/amavisd-new_2.11.0-6.1+deb10u1A~5.0.9.202501071113.dsc @@ -1,7 +1,17 @@ -1:2.11.0-6.1A~5.0.0.202203011949 [Tue, 01 Mar 2022 19:49:19 +0100] Univention builddaemon <buildd@univention.de>: +1:2.11.0-6.1+deb10u1A~5.0.9.202501071113 [Tue, 07 Jan 2025 11:13:32 -0000] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package - 01-silence-cronjob-output + 01-silence-cronjob-output.patch + +1:2.11.0-6.1+deb10u1 [Thu, 26 Dec 2024 18:00:55 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the ELTS Security Team. + * CVE-2024-28054: Amavis, in part because of its use of MIME-tools, has + an Interpretation Conflict (relative to some mail user agents) when + there are multiple boundary parameters in a MIME email + message. Consequently, there can be an incorrect check for banned + files or malware. + * Add Salsa CI configuration. 1:2.11.0-6.1 [Fri, 05 Apr 2019 18:04:57 +0200] Tobias Frost <tobi@debian.org>: <http://piuparts.knut.univention.de/5.0-9/#8419866208099329681>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-9] a8191bba7f Bug #57823: amavisd-new 1:2.11.0-6.1+deb10u1A~5.0.9.202501071113 doc/errata/staging/amavisd-new.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1196>