[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449 Git Commit changed: What|Removed |Added CC||g...@exim.org --- Comment #8 from Git Commit --- Git commit: https://git.exim.org/exim.git/commitdiff/a9f4f5d741fa0414a4a3e30aabde179dba3fb1ef commit a9f4f5d741fa0414a4a3e30aabde179dba3fb1ef Author: Jeremy Harris AuthorDate: Fri Sep 27 12:21:49 2019 +0100 Commit: Jeremy Harris CommitDate: Fri Sep 27 15:44:36 2019 +0100 Testsuite: regression-test for bug. Bug 2449 --- test/scripts/-Basic/0214 | 11 +++ test/stdout/0214 | 7 +++ 2 files changed, 18 insertions(+) diff --git a/test/scripts/-Basic/0214 b/test/scripts/-Basic/0214 index fa2a533..7a58a62 100644 --- a/test/scripts/-Basic/0214 +++ b/test/scripts/-Basic/0214 @@ -41,4 +41,15 @@ To: bad@address;bad@address;bad@address;bad@address;bad@address;bad@address; quit ??? 221 +# +# +# +client 127.0.0.1 PORT_D +??? 220 +EHLO
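Review bot: the three bare `#` lines added ahead of `client 127.0.0.1 PORT_D` in test/scripts/-Basic/0214 separate the new case from the previous one but do not say what it covers. Putting "Bug 2449" and a short description of the input being exercised on one of those lines would keep the link to the bug in the script itself, rather than only in the commit message.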
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

Heiko Schlittermann changed:

What       |Removed         |Added
Group      |exim-security   |

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

Heiko Schlittermann changed:

What       |Removed    |Added
Status     |ASSIGNED   |RESOLVED
Severity   |bug        |security
Priority   |high       |critical
Resolution |---        |FIXED

--- Comment #7 from Heiko Schlittermann ---
exim-4.92.3 released
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

--- Comment #6 from ar...@outlook.com ---
Thank you!
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

--- Comment #5 from Heiko Schlittermann ---
(In reply to areuu from comment #4)
> Please credit my team QAX A-TEAM.

The statement in the source will start as shown below.

CVE ID: CVE-2019-16928
Date: 2019-09-27 (CVE assigned)
Version(s): from 4.92 up to and including 4.92.2
Reporter: QAX-A-TEAM
Reference: https://bugs.exim.org/show_bug.cgi?id=2449
Issue: Heap-based buffer overflow in string_vformat, remote code execution seems to be possible
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

--- Comment #4 from ar...@outlook.com ---
Please credit my team QAX A-TEAM.
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

--- Comment #3 from Jeremy Harris ---
Affected releases: 4.92 4.92.1 4.92.2 (4.91 not affected by this).
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

--- Comment #2 from Jeremy Harris ---
It's a simple coding error, not growing a string by enough. One-line fix.
The code section was rewritten in the above commit, hence the fix there.
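What "not growing a string by enough" looks like in a growable string buffer, as an added example that is not Exim's code and not the fix from the commit. The `gbuf` type, the function names and the 64-byte step are hypothetical; the flawed sizing rule is only computed, never used for a copy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string (capacity, used bytes, buffer). */
typedef struct { size_t size, ptr; char *s; } gbuf;

/* Flawed rule: extend by a fixed step, ignoring how much is needed. */
size_t cap_flawed(size_t size, size_t ptr, size_t need) {
    (void)ptr; (void)need;
    return size + 64;
}

/* Correct rule: capacity covers ptr + need + NUL; 0 means size_t overflow. */
size_t cap_enough(size_t size, size_t ptr, size_t need) {
    if (ptr >= SIZE_MAX - 1 || need > SIZE_MAX - 1 - ptr) return 0;
    size_t want = ptr + need + 1;
    while (size < want) {
        if (size > SIZE_MAX / 2) return want;   /* doubling would wrap */
        size = size ? size * 2 : 64;
    }
    return size;
}

/* True when cap holds the pending append plus its terminator. */
int fits(size_t cap, size_t ptr, size_t need) {
    return cap > ptr && need < cap - ptr;
}

/* Append n bytes, growing first; 0 on success, -1 on failure. */
int gbuf_append(gbuf *g, const char *src, size_t n) {
    size_t cap = cap_enough(g->size, g->ptr, n);
    if (cap == 0) return -1;
    if (cap != g->size) {
        char *p = realloc(g->s, cap);
        if (!p) return -1;
        g->s = p;
        g->size = cap;
    }
    memcpy(g->s + g->ptr, src, n);
    g->ptr += n;
    g->s[g->ptr] = '\0';
    return 0;
}

int main(void) {
    /* Constructed case: 128-byte buffer, 100 used, 500 more to append. */
    int bad = fits(cap_flawed(128, 100, 500), 100, 500);   /* 0 */
    int good = fits(cap_enough(128, 100, 500), 100, 500);  /* 1 */
    return !(bad == 0 && good == 1);
}
```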
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

Jeremy Harris changed:

What       |Removed                |Added
Assignee   |unalloca...@exim.org   |jgh146...@wizmail.org
Priority   |medium                 |high

--- Comment #1 from Jeremy Harris ---
Seemingly fixed by f3ebb786e4 in mainline, though that's fairly unhelpful as it is a massive feature-patch
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

Jeremy Harris changed:

What       |Removed   |Added
Status     |NEW       |ASSIGNED
[exim-dev] [Bug 2449] Heap Overflow
https://bugs.exim.org/show_bug.cgi?id=2449

Jeremy Harris changed:

What       |Removed   |Added
Group      |          |exim-security