opensmtpd (6.6.4p1-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/debian/opensmtpd.git -b debian/sid
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/sid
Path: debian/changelog
Browser: https://salsa.debian.org/debian/opensmtpd
Last scan: 2020-03-29 23:41:05+00
Next scan: 2020-04-07 19:03:00+00

Debian changelog in Git:

opensmtpd (6.6.4p1-1) unstable; urgency=high

  * New upstream release fixes critical security bug (Closes: #952453).
    Quoting from OpenBSD errata:

        An out of bounds read in smtpd allows an attacker to inject arbitrary
        commands into the envelope file which are then executed as root.

        Separately, missing privilege revocation in smtpctl allows arbitrary
        commands to be run with the _smtpq group.

  * Update copyright file with new copyright holders
  * Remove stale entries from Uploaders field

 -- Ryan Kavanagh <rak@debian.org>  Mon, 24 Feb 2020 12:20:52 -0500

This branch is even with tag debian/6.6.4p1-1