
List:       oss-security
Subject:    [oss-security] CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information)
From:       Heiko Schlittermann <hs () schlittermann ! de>
Date:       2016-12-23 10:59:06
Message-ID: 20161223105906.GO5082 () jumper ! schlittermann ! de


Hello,

Heiko Schlittermann <hs@schlittermann.de> (Fr 16 Dez 2016 00:36:45 CET):
…
> Product:    Exim
> Versions:   4.69 -> 4.87
> Impact:     Possible leak of private information to a remote attacker
> Reference:  https://bugs.exim.org/show_bug.cgi?id=1996 (placeholder currently)
> Requester:  Heiko Schlittermann <hs@schlittermann.de> (Exim Developer)
> Credits:    Bjoern Jacke <bjoern@j3e.de>
> 
> If several conditions are met, Exim leaks private information to
> a remote attacker.
…

As at least one major distro isn't ready yet, we'll keep our initial schedule
and release the fixed versions on Dec, 25th, 10:00 UTC.

You'll find the versions in the usual places

    git://git.exim.org/exim.git         Tags exim-4_88, exim-4_87_1
    ftp://ftp.exim.org/pub/exim/exim4/          4.88
    ftp://ftp.exim.org/pub/exim/exim4/old/      4.87.1

If you have older versions running, you should upgrade to at least 4.87.1.

We're sorry for the release date.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
