HI Andreas,

On Sun, Aug 15, 2021 at 07:21:40AM +0200, Andreas Metzler wrote:
> On 2021-08-14 Salvatore Bonaccorso <[email protected]> wrote:
> > Source: exim4
> > Version: 4.94.2-7
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: [email protected], Debian Security Team 
> > <[email protected]>
> 
> > Hi,
> 
> > The following vulnerability was published for exim4, this is to start
> > tracking the issue downstream for us. Note that at time of writing [2]
> > gives still a 404.
> 
> > CVE-2021-38371[0]:
> > | The STARTTLS feature in Exim through 4.94.2 allows response injection
> > | (buffering) during MTA SMTP sending.
> [...]
> 
> IIRC that is mitigated in experimental (4.95 rc) by ALPN and unkown
> command related changes, I will not be able to check in detail for a
> week or so, though.

Ack thanks for the information. Let's wait to see what's written in de
advisory URL once it becomes public.

Thanks for your work on exim4 packages!

Regards,
Salvatore

Reply via email to