Opened 7 years ago
Closed 7 years ago
#9386 closed defect (fixed)
exim security fix for CVE-2017-1000369
| Reported by: | Pierre Labastie | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | high | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
As explained in this message, exim is not touched itself by the stack/heap smash, but may be used as a vector to generate a smash. As said in the message, there is a fix, which I join
Attachments (1)
Change History (4)
by , 7 years ago
| Attachment: | 0001-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch added |
|---|
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
| Summary: | exime security fix for CVE-2017-1000369 → exim security fix for CVE-2017-1000369 |
comment:2 by , 7 years ago
Note:
See TracTickets
for help on using tickets.
The file spec.xft (referenced in the patch), is not present in the exim-4.89 tarball. The other part of the patch applies with an offset, provided src/src/ is changed to just src/