| Package | python-aiosmtpd |
|---|---|
| Version | 1.2-3+deb10u1 (buster) |
| Related CVEs | CVE-2024-27305 CVE-2024-34083 |
Two vulnerabilities have been fixed in python-aiosmtpd, an asyncio based SMTP server.
CVE-2024-27305
SMTP smuggling with non-standard line endings
CVE-2024-34083
STARTTLS unencrypted command injection
For Debian 10 buster, these problems have been fixed in version 1.2-3+deb10u1.
We recommend that you upgrade your python-aiosmtpd packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.