diff options
Diffstat (limited to 'doc/cve-2019-15846/posting-1.txt')
-rw-r--r-- | doc/cve-2019-15846/posting-1.txt | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/doc/cve-2019-15846/posting-1.txt b/doc/cve-2019-15846/posting-1.txt new file mode 100644 index 0000000..d22b85c --- /dev/null +++ b/doc/cve-2019-15846/posting-1.txt @@ -0,0 +1,59 @@ +To: oss-security@lists.openwall.com, exim-users@exim.org, + exim-announce@exim.org +From: [ do not use a dmarc protected sender ] + +*** Note: EMBARGO is still in effect *** +*** Distros must not publish any detail yet *** + +Head up! Security release ahead! + +CVE ID: CVE-2019-15846 +Version(s): up to and including 4.92.1 +Issue: A local or remote attacker can execute programs with root + privileges. +Details: Will be made public at CRD. + +Coordinated Release Date (CRD) for Exim 4.92.2: 2019-09-06 10:00 UTC + +Contact: security@exim.org + +Proposed Timeline +================= + +2019-09-03: + - initial notification to distros@openwall.org and + exim-maintainers@exim.org + +2019-09-04: <-- NOW + - This Heads-up notice to oss-security@lists.openwall.com, + exim-users@exim.org, and exim-announce@exim.org + +2019-09-06 10:00 UTC: + - Coordinated relase date + - Publish the patches in our official and public Git repositories + and the packages on our FTP server. + +Downloads available starting at CRD +==================================== + +The downloads are not yet available. They will be made available +at the above mentioned CRD. + +Release tarballs (exim-4.92.2): + + https://ftp.exim.org/pub/exim/exim4/ + +The package files are signed with my GPG key. + +The full Git repo: + + https://git.exim.org/exim.git + https://github.com/Exim/exim [mirror of the above] + - tag exim-4.92.2 + - branch exim-4.92.2+fixes + +The tagged commit is the officially released version. The tag is signed +with my GPG key. The +fixes branch isn't officially maintained, but +contains useful patches *and* the security fix. The relevant commit is +signed with my GPG key. The old exim-4.92.1+fixes branch is being functionally +replaced by the new exim-4.92.2+fixes branch. |