* SECURITY UPDATE: local privilege escalation via alternate config file (LP: #697934) - debian/patches/80_CVE-2010-4345.patch: backport massive behaviour- altering changes from upstream git to fix issue. - debian/patches/81_CVE-2010-4345-docs.patch: backport documentation changes. - debian/patches/67_unnecessaryCopt.dpatch: Do not use exim's -C option in utility scripts. This would not work with ALT_CONFIG_PREFIX. Patch obtained from Debian's 4.69-9+lenny2. - Build with WHITELIST_D_MACROS=OUTGOING. After this security update, exim will not regain root privileges (usually necessary for local delivery) if the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. - Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. After this security update, exim will not re-gain root privileges (usually necessary for local delivery) if the -C option was used. This makes it impossible to start a fully functional damon with an alternate configuration file. /etc/exim4/trusted_configs (can) contain a list of filenames (one per line, full path given) to which this restriction does not apply. - debian/exim4-daemon-*.NEWS: Add description of changes. Thanks to Debian and Andreas Metzler for the text. - CVE-2010-4345 * SECURITY UPDATE: arbitrary file append via symlink attack (LP: #708023) - debian/patches/82_CVE-2011-0017.patch: check setuid and setgid return codes in src/exim.c, src/log.c. - CVE-2011-0017 * SECURITY UPDATE: denial of service and possible arbitrary code execution via hard link to another user's file (LP: #609620) - debian/patches/CVE-2010-2023.patch: check for links in src/transports/appendfile.c. - CVE-2010-2023 * SECURITY UPDATE: denial of service and possible arbitrary code execution via symlink on a lock file (LP: #609620) - debian/patches/CVE-2010-2024.patch: improve lock file handling in src/exim_lock.c, src/transports/appendfile.c. - CVE-2010-2024 * debian/rules: disable debconf-updatepo so the security update doesn't alter translations.