Opened 6 years ago

Closed 6 years ago

#9386 closed defect (fixed)

exim security fix for CVE-2017-1000369

Reported by: Pierre Labastie
Owned by: Pierre Labastie
Priority: high
Milestone: 8.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

As explained in this message, exim is not touched itself by the stack/heap smash, but may be used as a vector to generate a smash. As said in the message, there is a fix, which I attach.

Attachments (1)

0001-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch (2.4 KB) - added by Pierre Labastie 6 years ago.

Change History (4)

comment:1 by Pierre Labastie, 6 years ago

Owner: changed from blfs-book@… to Pierre Labastie
Status: new → assigned
Summary: exime security fix for CVE-2017-1000369 → exim security fix for CVE-2017-1000369

comment:2 by Pierre Labastie, 6 years ago

The file spec.xft (referenced in the patch) is not present in the exim-4.89 tarball. The other part of the patch applies with an offset, provided src/src/ is changed to just src/.

comment:3 by Pierre Labastie, 6 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r18848