Launchpad has imported 10 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=869953.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-10-25T08:25:23+00:00 huzaifas wrote: A heap-buffer overflow was found in the DKIM DNS decode logic, used by exim. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim. This is fixed in version 4.80.1 Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/0 ------------------------------------------------------------------------ On 2012-10-25T08:26:41+00:00 huzaifas wrote: Created attachment 633222 dkim-dns-buffer-overflow-protection-patch Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/1 ------------------------------------------------------------------------ On 2012-10-25T08:31:16+00:00 huzaifas wrote: Support for DKIM (DomainKeys Identified Mail) in exim was introduced in version 4.70. Also version 4.69 had experimental support. More details available at: http://wiki.exim.org/DKIM Red Hat Enterprise Linux 5, ships version exim-4.63, which does not contain the vulnerable DKIM code. Hence the version of exim shipped with Red Hat Enterprise Linux 5 is not vulnerable to this issue. Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/2 ------------------------------------------------------------------------ On 2012-10-25T08:32:12+00:00 huzaifas wrote: Statement: Not Vulnerable. This issue does not affect the version of exim as shipped with Red Hat Enterprise Linux 5. Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/3 ------------------------------------------------------------------------ On 2012-10-25T08:34:18+00:00 huzaifas wrote: This issue affects the version of exim as shipped with Fedora 16 and Fedora 17. The issue affects the version of exim as shipped with EPEL-6. Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/4 ------------------------------------------------------------------------ On 2012-10-26T08:31:38+00:00 jlieskov wrote: Public via: https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/5 ------------------------------------------------------------------------ On 2012-10-26T08:33:48+00:00 jlieskov wrote: Created exim tracking bugs for this issue Affects: fedora-all [bug 870347] Affects: epel-6 [bug 870348] Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/6 ------------------------------------------------------------------------ On 2012-10-26T15:01:55+00:00 vdanen wrote: *** Bug 870356 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/11 ------------------------------------------------------------------------ On 2013-02-25T15:19:15+00:00 customercare wrote: Can this be closed? It was fixed for FC 16 / 17 and FC 18 comes with 4.80.1 Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/12 ------------------------------------------------------------------------ On 2013-02-25T15:27:40+00:00 thoger wrote: Yes, closing, thank you! Reply at: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/comments/13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1071694 Title: CVE-2012-5671: Heap-buffer overflow in DNS decode logic used for DKIM To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1071694/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
