Author: jmm Date: 2017-11-25 11:44:02 +0000 (Sat, 25 Nov 2017) New Revision: 58016
Modified: data/CVE/list Log: add note for exim Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-25 10:42:39 UTC (rev 58015) +++ data/CVE/list 2017-11-25 11:44:02 UTC (rev 58016) @@ -3,7 +3,8 @@ [jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2201 - NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.htm + NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html + NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-XXXX [Exim use-after-free vulnerability while reading mail header] - exim4 <unfixed> (bug #882648) [jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88) @@ -11,6 +12,7 @@ NOTE: https://bugs.exim.org/show_bug.cgi?id=2199 NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: https://twitter.com/philpennock/status/934270613811875840 + NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of ...) TODO: check CVE-2017-16940 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits