Re: [exim] CVE-2019-10149: already vulnerable ?

[Thomas Hager via Exim-users]

On June 22, 2019 10:44:43 AM GMT+02:00, Andreas Metzler via Exim-users 
<exim-users@exim.org> wrote:
>Hello
Hi Andreas,

>the log-files on a try to exploit CVE-2019-10149 will look exactly the
>same
>for a vulnerable and for a fixed exim.
>
>CVE-2019-10149 is not that it is possible to submit a mail that ends
>up frozen in the queue. CVE is a remote command execution
>vulnerabilty. The fix for CVE-2019-10149 does not remove the
>possibility to generate frozen mails in the queue, it stops the remote
>command execution.
Thanks for the clarification. I thought so, but it's way better to know ;-)

Cheers,
Tom.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/