| === ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: mdeslaur | ||
| jdstrand_ | hey, I see that postfix was updated in https://ubuntu.com/security/notices/USN-6591-1 (thanks!). I noticed there is a refined patch to use 'smtpd_forbid_bare_newline = normalize' which improves compatibility while still closing the issue: https://www.postfix.org/announcements/postfix-3.8.5.html. Is Ubuntu planning on updating for this? | 14:49 |
|---|---|---|
| === jdstrand_ is now known as jdstrand | ||
| jdstrand | allenpthuang: ^ | 14:51 |
| sdeziel | it doesn't help discoverability that this refinement isn't mentioned in the timeline on https://www.postfix.org/smtp-smuggling.html | 14:53 |
| jdstrand | it doesn't | 14:53 |
| jdstrand | I saw it on oss-sec | 14:53 |
| amurray | hey (and thanks for the heads up) jdstrand - allenpthuang is on a training course but will take a look later today | 15:07 |
| jdstrand | amurray: ack, thanks! | 15:13 |
| === JanC_ is now known as JanC | ||
| allenpthuang | hey jdstrand (re: postfix patch) thanks for the heads up! I took a quick look and can confirm I was working on those updates based on the versions 3.8.4, 3.7.9, 3.6.13 and 3.5.23. And I now find they update the page (https://www.postfix.org/smtp-smuggling.html) with the newer version you mentioned. I'll have another further look to see what I can | 23:08 |
| allenpthuang | do tomorrow :) | 23:08 |
| jdstrand | allenpthuang: thanks! :) | 23:18 |
| allenpthuang | no problem at all! | 23:43 |
| === user03 is now known as gchound | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!