We released Exim 4.90.1 just now.
---------------------------------
This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.
This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog
The Distros should have built packages already.
The sources can be obtained directly from the Git repos
git://git.exim.org/exim.git tag: exim-4_90_1
git://git.exim.org/exim.git tag: exim-4_90_1
The tag is signed with my GPG key¹.
Alternativly you may fetch the tarballs from the mirrors listed
on
https://www.exim.org/mirmon/ftp_mirrors.html
or directly from
ftp://ftp.exim.org/pub/exim/exim4/
https://ftp.exim.org/pub/exim/exim4/
The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check
only.
¹) If you get a "key expired" message, please refresh my key from
the public keyservers.
Thank you for using Exim.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
---------------------------------
This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.
This release contains some other important bug fixes since 4.90, but no
additional features. Please see the ChangeLog
ftp://ftp.exim.org/pub/exim/exim4/ChangeLog
The Distros should have built packages already.
The sources can be obtained directly from the Git repos
git://git.exim.org/exim.git tag: exim-4_90_1
git://git.exim.org/exim.git tag: exim-4_90_1
The tag is signed with my GPG key¹.
Alternativly you may fetch the tarballs from the mirrors listed
on
https://www.exim.org/mirmon/ftp_mirrors.html
or directly from
ftp://ftp.exim.org/pub/exim/exim4/
https://ftp.exim.org/pub/exim/exim4/
The tarballs are signed with my GPG key¹. Next to the tarballs you will
find a sha512sum.txt, in case you are happy with simple integrity check
only.
¹) If you get a "key expired" message, please refresh my key from
the public keyservers.
Thank you for using Exim.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attached Files:
-
signature.asc (0.48 KB)