| Release | Version |
|---|---|
| buster | 6.0.3p1-5+deb10u4 |
| bullseye | 6.8.0p2-3 |
| bookworm | 6.8.0p2-4 |
| trixie | 7.4.0p1-1 |
| sid | 7.4.0p1-1 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-29323 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ... |
| CVE-2020-35680 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurati ... |
| CVE-2020-35679 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, whi ... |
| Bug | Description |
|---|---|
| TEMP-0950121-6A81FC | opensmtpd DoS via opportunistic TLS downgrade |
| TEMP-0000000-E57E4E | Remotely triggerable buffer overflow in OpenSMTPD |
| CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out- ... |
| CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ... |
| CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ... |
| CVE-2015-7687 | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote a ... |
| CVE-2013-2125 | OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ... |
| DSA / DLA | Description |
|---|---|
| DSA-4634-1 | opensmtpd - security update |
| DSA-4611-1 | opensmtpd - security update |