This is about a Perl security issue that was not accepted directly into
Exim in July/August 2016.
Patch 915 does not apply cleanly to Exim 4.89_RC3
(which adds "use warnings;" in the same place as the change made by 915).
A suitable alternative is:
--- src/eximstats.src.CVE-2016-1238 2017-02-10 02:50:40.000000000 +0000
+++ src/eximstats.src 2017-02-10 12:54:28.235197704 +0000
@@ -547,6 +547,8 @@
=cut
+BEGIN { pop @INC if $INC[-1] eq '.' }
+
use warnings;
use integer;
use strict;
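Review bot: the added "BEGIN { pop @INC if $INC[-1] eq '.' }" line has no comment, and it only drops the current directory when '.' is the last @INC entry, so a '.' that reaches @INC in another position (for example through PERL5LIB or -I) is still searched. That covers the default trailing '.' that CVE-2016-1238 concerns, but a one-line comment above the BEGIN block naming the CVE and stating that limit would make the intent clear. The block also has to stay ahead of "use warnings;", "use integer;" and "use strict;", because each "use" loads its module at compile time in source order; the comment should say so, so that a later edit does not move a "use" above it.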
On Mon, 25 Jul 2016, [email protected] wrote:
https://bugs.exim.org/show_bug.cgi?id=1864
Bug ID: 1864
Summary: CVE-2016-1238: Important unsafe module load path flaw
Product: Exim
Version: 4.87
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Eximstats
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Created attachment 915
--> https://bugs.exim.org/attachment.cgi?id=915&action=edit
patch used by Debian 4.84.2-1+deb8u1
Hello,
as part of fixing CVE-2016-1238 in DSA 3628-1 Debian has applied the attached
patch to eximstats.
Please review and apply. TIA