diff options
author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2019-08-19 14:45:48 +0200 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-08 10:28:04 +0100 |
commit | c3aefacc72991f4960486052775ab47cd83c5fae (patch) | |
tree | 932b67f70af126441ce79a77fca08803f1324768 /doc/doc-txt/cve-2019-15846/posting-2.txt | |
parent | 2e860c7601c03eb8b1f02a5035deb1ca966f9cc0 (diff) |
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements
(cherry picked from commit 2600301ba6dbac5c9d640c87007a07ee6dcea1f4, 6693563381 and cdc7f9a966)
Diffstat (limited to 'doc/doc-txt/cve-2019-15846/posting-2.txt')
-rw-r--r-- | doc/doc-txt/cve-2019-15846/posting-2.txt | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/doc/doc-txt/cve-2019-15846/posting-2.txt b/doc/doc-txt/cve-2019-15846/posting-2.txt new file mode 100644 index 000000000..20037ddf3 --- /dev/null +++ b/doc/doc-txt/cve-2019-15846/posting-2.txt @@ -0,0 +1,44 @@ +To: exim-users@exim.org, exim-announce@exim.org, exim-maintainers@exim.org +From: [ do not use a dmarc protected sender ] + +CVE ID: CVE-2019-15846 +Credits: Zerons <sironhide0null@gmail.com>, Qualys +Version(s): all versions up to and including 4.92.1 +Issue: The SMTP Delivery process in all versions up to and + including Exim 4.92.1 has a Buffer Overflow. In the default + runtime configuration, this is exploitable with crafted Server + Name Indication (SNI) data during a TLS negotiation. In other + configurations, it is exploitable with a crafted client TLS certificate. +Details: doc/doc-txt/cve-2019-15846 in the downloaded source tree + +Coordinated Release Date (CRD) for Exim 4.92.2: + 2019-09-06 10:00 UTC + +Contact: security@exim.org + +We released Exim 4.92.2. This is a security update based on 4.92.1. + +Downloads +========= + +Starting at CRD the downloads will be available from the following +sources: + +Release tarballs (exim-4.92.2): + + https://ftp.exim.org/pub/exim/exim4/ + +The package files are signed with my GPG key. + +The full Git repo: + + https://git.exim.org/exim.git + https://github.com/Exim/exim [mirror of the above] + - tag exim-4.92.2 + - branch exim-4.92.2+fixes + +The tagged commit is the officially released version. The tag is signed +with my GPG key. The +fixes branch isn't officially maintained, but +contains useful patches *and* the security fix. The relevant commit is +signed with my GPG key. The old exim-4.92.1+fixes branch is being functionally +replaced by the new exim-4.92.2+fixes branch. |