| Release | Version |
|---|---|
| jessie | 1.2.10-5+deb8u2 |
| stretch | 1.2.10-7+deb9u2 |
| buster | 1.2.10-7.1~deb10u1 |
| bullseye | 1.2.10-7.1~deb11u1 |
| bookworm | 1.2.10-7.2 |
| trixie | 1.2.10-8 |
| sid | 1.2.10-8.2 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42118 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | Exim libspf2 Integer Underflow Remote Code Execution Vulnerability |
| Bug | Description |
|---|---|
| CVE-2021-33913 | libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ... |
| CVE-2021-33912 | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ... |
| CVE-2021-20314 | Stack buffer overflow in libspf2 versions below 1.2.11 when processing ... |
| CVE-2008-2469 | Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Sp ... |
| DSA / DLA | Description |
|---|---|
| DLA-2890-1 | libspf2 - security update |
| ELA-544-1 | libspf2 - security update |
| DSA-4955-1 | libspf2 - security update |
| DLA-2739-1 | libspf2 - security update |
| ELA-477-1 | libspf2 - security update |
| DSA-1659-1 | libspf2 - potential remote code execution |