Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exim: security update to 4.92.1 #1925

Closed
4 tasks done
KexyBiscuit opened this issue Jul 26, 2019 · 2 comments
Closed
4 tasks done

exim: security update to 4.92.1 #1925

KexyBiscuit opened this issue Jul 26, 2019 · 2 comments
Labels
security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade

Comments

@KexyBiscuit
Copy link
Member

KexyBiscuit commented Jul 26, 2019
edited by MingcongBai
Loading

CVE IDs: CVE-2019-13917

Other security advisory IDs: DSA-4488, USN-4075-1

Descriptions: Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

Patches: https://git.exim.org/exim.git/commit/cf84d126bc1f04746eb7c8e8b3468f7e70add3ec

PoC(s): N/A

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
@KexyBiscuit KexyBiscuit added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed to-stable labels Jul 26, 2019
@KexyBiscuit KexyBiscuit added this to the Summer 2019 milestone Jul 26, 2019
@KexyBiscuit KexyBiscuit changed the title exim: update to 4.92.1 exim: security update to 4.92.1 Jul 26, 2019
@KexyBiscuit KexyBiscuit mentioned this issue Aug 2, 2019
Closed
MingcongBai added a commit that referenced this issue Aug 2, 2019
@MingcongBai
exim: update to 4.92.1; #1925
dec6fe4
MingcongBai added a commit that referenced this issue Aug 7, 2019
@MingcongBai
exim: update to 4.92.1; #1925
01a3e18
@MingcongBai MingcongBai added the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Apr 20, 2020
@MingcongBai
Copy link
Member

All done. @l2dy Please assign an AOSA.

@MingcongBai MingcongBai removed the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Apr 20, 2020
@MingcongBai
Copy link
Member

This is actually superseded by #1986. Removing AOSA pending. @l2dy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MingcongBai @KexyBiscuit