Bug#1059387: exim4: CVE-2023-51766

2024-01-01 Thread Dave Page
On Sun, 31 Dec 2023 13:21:09 +0100 Andreas Metzler wrote: > Disable CHUNKING advertisement for incoming connections. > Disable PIPELINING advertisement for incoming connections. It's worth noting in this bug report that these can be achieved by the following lines in an Exim config:

Bug#1059387: exim4: CVE-2023-51766

2024-01-01 Thread Andreas Metzler
On 2024-01-01 Salvatore Bonaccorso wrote: > On Mon, Jan 01, 2024 at 04:45:24PM +0100, Andreas Metzler wrote: [...] > > I have prepared updates for either DSA or stable update. (I will be on my > > dayjob again tomorrow, so I will not be that responsive on workdays.) > Happy new year to you.

Bug#1059387: exim4: CVE-2023-51766

2024-01-01 Thread Salvatore Bonaccorso
Hi Andreas, On Mon, Jan 01, 2024 at 04:45:24PM +0100, Andreas Metzler wrote: > On 2023-12-30 Salvatore Bonaccorso wrote: > [...] > > If so, will you work as well on the bullseye-security update? > > Hello, > > I have prepared updates for either DSA or stable update. (I will be on my > dayjob

Bug#1059387: exim4: CVE-2023-51766

2024-01-01 Thread Andreas Metzler
On 2023-12-30 Salvatore Bonaccorso wrote: [...] > If so, will you work as well on the bullseye-security update? Hello, I have prepared updates for either DSA or stable update. (I will be on my dayjob again tomorrow, so I will not be that responsive on workdays.) cu Andreas -- `What a good

Bug#1059387: exim4: CVE-2023-51766

2023-12-31 Thread Andreas Metzler
On 2023-12-30 Salvatore Bonaccorso wrote: > On Sat, Dec 30, 2023 at 03:40:42PM +0100, Andreas Metzler wrote: > > are you going to release a DSA (I can start preparing one) or should I > > aim for another stable update? > We certainly can do. We have not fully evaluated yet, but it can be >

Bug#1059387: exim4: CVE-2023-51766

2023-12-30 Thread Salvatore Bonaccorso
Hi Andreas, On Sat, Dec 30, 2023 at 03:40:42PM +0100, Andreas Metzler wrote: > On 2023-12-24 Salvatore Bonaccorso wrote: > > Source: exim4 > > Version: 4.97-2 > > Severity: important > > Tags: security upstream > > Forwarded: https://bugs.exim.org/show_bug.cgi?id=3063 > [...] > > The following

Bug#1059387: exim4: CVE-2023-51766

2023-12-30 Thread Andreas Metzler
On 2023-12-24 Salvatore Bonaccorso wrote: > Source: exim4 > Version: 4.97-2 > Severity: important > Tags: security upstream > Forwarded: https://bugs.exim.org/show_bug.cgi?id=3063 [...] > The following vulnerability was published for exim4. > CVE-2023-51766[0]: > | Exim through 4.97 allows SMTP

Bug#1059387: exim4: CVE-2023-51766

2023-12-24 Thread Salvatore Bonaccorso
Source: exim4 Version: 4.97-2 Severity: important Tags: security upstream Forwarded: https://bugs.exim.org/show_bug.cgi?id=3063 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for exim4. CVE-2023-51766[0]: | Exim through 4.97 allows SMTP