List: oss-security
Subject: [oss-security] CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported)
From: Heiko Schlittermann <hs () schlittermann ! de>
Date: 2017-11-28 21:43:59
Message-ID: 20171128214359.q4b7cmlxd4ayz7ct () jumper ! schlittermann ! de
Phil Pennock <oss-security-phil@spodhuis.org> (Sa 25 Nov 2017 04:59:12 CET):
> In Post-Thanksgiving mail-catchup, I see that the Exim Project was
> gifted with a couple of surprises in our public bugtracker on Thursday
> morning. Complete with proof-of-concept small Python script.
>
> I've requested CVEs, don't have them yet.
>
> My mail to our announce list:
> https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
…
> Public bugtracker links:
>
> https://bugs.exim.org/show_bug.cgi?id=2199
> https://bugs.exim.org/show_bug.cgi?id=2201

Both issues are fixed now.

CVE-2017-16943 (RCE) Exim Bug 2199
    master: 4e6ae6235c68de243b1c2419027472d7659aa2b4
    exim-4_89+fixes: 4090d62a4b25782129cc1643596dc2f6e8f63bde
    Fix done by Jeremy Harris

CVE-2017-16944 (DoS) Exim Bug 2201
    master: 178ecb70987f024f0e775d87c2f8b2cf587dd542
    exim-4_89+fixes: 4804c62909a62a3ac12ec4777ebd48c541028965
    Fix done by me.

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -