UbuntuUpdates.org

Package "postfix-sqlite"

Name: postfix-sqlite

Description:

SQLite map support for Postfix
Latest version: 3.6.4-1ubuntu1.4
Release: jammy (22.04)
Level: security
Repository: universe
Head package: postfix
Homepage: http://www.postfix.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "postfix-sqlite"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "postfix-sqlite" in Jammy

Repository Area Version
base universe 3.6.4-1ubuntu1
updates universe 3.6.4-1ubuntu1.4

Changelog

Version: 3.6.4-1ubuntu1.4 2026-05-07 15:07:34 UTC

  postfix (3.6.4-1ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: crash via an enhanced status code that lacks text after the
    third number
    - debian/patches/CVE-2026-43964.patch: fix buffer over-read when an enhanced
      status code is not followed by other text in src/global/dsn_util.c.
    - CVE-2026-43964

 -- Marc Deslauriers <email address hidden> Tue, 05 May 2026 11:48:07 -0400
Source diff to previous version
CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code th

Version: 3.6.4-1ubuntu1.3 2024-01-31 11:09:44 UTC

  postfix (3.6.4-1ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
      risks of regression. Introduced
      "smtpd_forbid_bare_newline = normalize".
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Mon, 29 Jan 2024 16:02:43 +0800
Source diff to previous version
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c

Version: 3.6.4-1ubuntu1.2 2024-01-22 13:06:50 UTC

  postfix (3.6.4-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764.patch: introduced
      `smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
       the Postfix SMTP server disconnects a remote SMTP client that
       sends a line ending in a 'bare newline'.
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Tue, 16 Jan 2024 15:11:43 +0000
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c


About   -   Send Feedback to @ubuntu_updates