Public bug reported:
Ubuntu's exim4 packages are based on Debian 4.82-8 and therefore missing
these two fixes:
exim4 (4.82.1-1) unstable; urgency=high
.
* New upstream security release, fixing CVE-2014-2957. This is a remote
code execution flaw in Exim version 4.82 (only) when built with DMARC
support. Debian's binary packages are not built with DMARC support and
therefore not vulnerable. However we want to fix this for people building
their own binaries based on Debian's packaging.
exim4 (4.82.1-2) unstable; urgency=high
.
* [87_double_expansion.diff] from upstream. Stop unwanted double expansion
of arguments to mathematical comparison operations.
CVE-2014-2972
Please sync with Debian unstable (or experimental).
thanks, cu Andreas
** Affects: exim4 (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2972
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/1348074
Title:
sync with Debian - minor security fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1348074/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
