oss-sec mailing list archives
Exim security update ahead
From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Wed, 21 Apr 2021 13:48:55 +0200
Dear Exim-Users and maintainers, this is a *heads up* notice only. No action is required on your part right now. Abstract -------- Several exploitable vulnerabilities in Exim were reported to us and are fixed. We have prepared a security release, tagged as "exim-4.94.1". This release contains all changes on the exim-4.94+fixes branch plus security fixes. Schedule -------- 2021-04-27 13.30 UTC: Grant access to the security repos for distro maintainers 2021-05-04 13:30 UTC: Publish the release on the public repos/website/etc Repositories ------------ The sources *will* be available on our security repo: tarballs: git () git exim org:exim-packages-security.git source: git () git exim org:exim-security.git tag: exim-4.94.1 Access to these security Git repos will be granted for the known set of Exim maintainers and distro packagers first. Please reach out to us, if you need further details or if you think, you should be part of this set. One week after granting access to the distro packagers the release will be pushed to the well known public repos as usual. Details ------- The current Exim versions (and likely older versions too) suffer from several exploitable vulnerabilities. These vulnerabilities were reported by Qualys via security () exim org back in October 2020. Due to several internal reasons it took more time than usual for the Exim development team to work on these reported issues in a timely manner. We explicitly thank Qualys for reporting *and* for providing patches for most of the reported vulnerabilities. Thank you for using Exim. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE -
Attachment:
signature.asc
Description:
Current thread:
- Exim security update ahead Heiko Schlittermann (Apr 21)