Hi, Is there an ETA for the sources to appear on the download servers? I need those in order to update the package for Gentoo.
Thanks, Fabian On 25-07-2019 10:04:19 +0100, Jeremy Harris via Exim-announce wrote: > General release information > =========================== > > The code fix for this issue has been placed in the project > public git repository; the project website will be updated > in due course. > > > CVE ID: CVE-2019-13917 > OVE ID: OVE-20190718-0006 > Date: 2019-07-18 > Credits: Jeremy Harris > Version(s): 4.85 up to and including 4.92 > Issue: A local or remote attacker can execute programs with root > privileges - if you've an unusual configuration. For details > see below. > > Coordinated Release Date (CRD) for Exim 4.92.1: > Thu Jul 25 10:00:00 UTC 2019 > > Contact: [email protected] > > Details: > A vulnerability was discovered in the "sort" expansion operator: > The elements of the list were expanded, giving a possible attack > if the list included data supplied by an attacker. > > If the effective configuration file for exim does not use sort > then the system is trivially declarable as not being vulnerable. > Use this command to check: "exim -bP config | grep sort". > > -- > Cheers, > Jeremy -- Fabian Groffen Gentoo on a different level
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
