exim: security update to 4.92.2 #1986

l2dy · 2019-09-07T11:36:48Z

CVE IDs: CVE-2019-15846

Other security advisory IDs: DSA-4517-1, USN-4124-1, GLSA 201909-06

Descriptions:
"Zerons" and Qualys discovered that a buffer overflow triggerable in the
TLS negotiation code of the Exim mail transport agent could result in the
execution of arbitrary code with root privileges.

PoC(s): N/A

Architectural progress:

AMD64 amd64
AArch64 arm64
ARMv7 armel
PowerPC 64-bit BE ppc64

The text was updated successfully, but these errors were encountered:

l2dy · 2019-09-07T11:38:03Z

Official advisory: https://www.exim.org/static/doc/security/CVE-2019-15846.txt

MingcongBai · 2020-04-20T05:48:25Z

Fixed with 303cad6.

MingcongBai · 2020-04-20T05:48:41Z

All done. @l2dy Please assign an AOSA.

l2dy · 2020-04-20T11:04:33Z

Use AOSA-2020-0051.

l2dy added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed to-stable labels Sep 7, 2019

KexyBiscuit added this to the Summer 2019 milestone Sep 19, 2019

MingcongBai mentioned this issue Apr 20, 2020

exim: security update to 4.92.1 #1925

Closed

4 tasks

MingcongBai closed this as completed Apr 20, 2020

MingcongBai added the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Apr 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

exim: security update to 4.92.2 #1986

exim: security update to 4.92.2 #1986

l2dy commented Sep 7, 2019 •

edited by MingcongBai

Loading

l2dy commented Sep 7, 2019

MingcongBai commented Apr 20, 2020

MingcongBai commented Apr 20, 2020

l2dy commented Apr 20, 2020

exim: security update to 4.92.2 #1986

exim: security update to 4.92.2 #1986

Comments

l2dy commented Sep 7, 2019 • edited by MingcongBai Loading

l2dy commented Sep 7, 2019

MingcongBai commented Apr 20, 2020

MingcongBai commented Apr 20, 2020

l2dy commented Apr 20, 2020

l2dy commented Sep 7, 2019 •

edited by MingcongBai

Loading