oss-sec mailing list archives
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Wed, 5 Jun 2019 17:19:44 +0200
The fix for CVE-2019-10149 is public now. https://git.exim.org/exim.git Branch exim-4_91+fixes. Thank you to - Qualys for reporting it. - Jeremy for fixing it. - you for using Exim. Sorry for confusion about the public release. We were forced to react, as details leaked. The patch should apply cleanly to all affected versions (4.87->4.91). We do not do a security release, as the official Exim version is at 4.92 already and older releases are considered to be outdated and not supported by the developers anymore. Please do not hesitate to contact us if you need help backporting the fix. Details of the commit: |commit d740d2111f189760593a303124ff6b9b1f83453d |gpg: Signature made Di 04 Jun 2019 11:27:33 CEST |gpg: using RSA key D0BFD6B9ECA5694A6F149DCEAF4CC676A6B6C142 |gpg: issuer "hs () schlittermann de" |gpg: Good signature from "Heiko Schlittermann (Dresden) <hs () schlittermann de>" [full] |gpg: aka "Heiko Schlittermann (HS12-RIPE) <hs () schlittermann de>" [full] |gpg: aka "[jpeg image of size 4759]" [full] |gpg: aka "Heiko Schlittermann (Exim MTA Maintainer) <heiko () exim org>" [full] |gpg: aka "Heiko Schlittermann (HS12-RIPE) <hs () nodmarc schlittermann de>" [undefined] |Author: Jeremy Harris <jgh146exb () wizmail org> |Date: Mon May 27 21:57:31 2019 +0100 | | Fix CVE-2019-10149 Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description:
Current thread:
- CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Simon McVittie (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Solar Designer (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 06)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Simon McVittie (Jun 04)