Mailing List Archive

[Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Graeme Fowler <graeme@graemef.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |SPAM
Status|NEW |RESOLVED
CC| |graeme@graemef.net

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Lexen <lexenluis@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|SPAM |---

--- Comment #1 from Lexen <lexenluis@gmail.com> ---
Here is a buffer overflow in a utility function, if some pre-conditions
are met. Using a handcrafted message, remote code execution seems to be
possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known. https://emospace.net

Next steps:

* t0: Distros will get access to our "security" non-public git repo
(based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo

[Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Graeme Fowler <graeme@graemef.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|REOPENED |RESOLVED

[Bug 2835] [exim] CVE-2018-6789 Exim 4.90 and earlier: buffer overflo
https://bugs.exim.org/show_bug.cgi?id=2835

Graeme Fowler <graeme@graemef.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Group| |exim-security, exim-restrictedcomments-access
