[Secure-testing-commits] r58016 - data/CVE

Sat, 25 Nov 2017 03:44:38 -0800 

Author: jmm
Date: 2017-11-25 11:44:02 +0000 (Sat, 25 Nov 2017)
New Revision: 58016

Modified:
   data/CVE/list
Log:
add note for exim


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-25 10:42:39 UTC (rev 58015)
+++ data/CVE/list       2017-11-25 11:44:02 UTC (rev 58016)
@@ -3,7 +3,8 @@
        [jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 
4.88)
        [wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 
4.88)
        NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
-       NOTE: 
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.htm
+       NOTE: 
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
+       NOTE: 4.89-10 adds a workaround which disables the affected code by 
default
 CVE-2017-XXXX [Exim use-after-free vulnerability while reading mail header]
        - exim4 <unfixed> (bug #882648)
        [jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 
4.88)
@@ -11,6 +12,7 @@
        NOTE: https://bugs.exim.org/show_bug.cgi?id=2199
        NOTE: 
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
        NOTE: https://twitter.com/philpennock/status/934270613811875840
+       NOTE: 4.89-10 adds a workaround which disables the affected code by 
default
 CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent 
use of ...)
        TODO: check
 CVE-2017-16940


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to