Bug#606612: marked as done (exim4: Exploitable memory corruption vulnerability (CVE-2010-4344))

Fri, 10 Dec 2010 07:33:50 -0800 

Your message dated Fri, 10 Dec 2010 16:31:11 +0100
with message-id <20101210153111.gi2...@patate.is-a-geek.org>
and subject line Re: Bug#606612: exim4: Exploitable memory corruption 
vulnerability
has caused the Debian Bug report #606612,
regarding exim4: Exploitable memory corruption vulnerability (CVE-2010-4344)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: exim4
Version: 4.69-9
Severity: critical
Tags: security
Justification: root security hole

There is a discussion on exim-dev[0] relating to an incident of root-level
compromise owing to a couple of bugs. The first (the remote attack)
appears[1] to be related to a bug already fixed in mainline[2].

[0] <http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html>
[1] 
<http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html#exim-dev>
[2] <http://bugs.exim.org/show_bug.cgi?id=787>

I hadn't seen any response from any Debian people on this (publically
at least) so I thought it would be worth filing this bug, to make
sure the right people are aware of the issue.

Cheers,
Dominic.

--- End Message ---
--- Begin Message --- 
Version: 4.69-9+lenny1

On Fri, Dec 10, 2010 at 11:01:09 +0000, Dominic Hargreaves wrote:

> Package: exim4
> Version: 4.69-9
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> There is a discussion on exim-dev[0] relating to an incident of root-level
> compromise owing to a couple of bugs. The first (the remote attack)
> appears[1] to be related to a bug already fixed in mainline[2].
> 
Fixed in DSA 2131-1.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---

Reply via email to