blob: d22b85ccb5b68eea9cda9deb11b69dc5d2fb961a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
To: oss-security@lists.openwall.com, exim-users@exim.org,
exim-announce@exim.org
From: [ do not use a dmarc protected sender ]
*** Note: EMBARGO is still in effect ***
*** Distros must not publish any detail yet ***
Head up! Security release ahead!
CVE ID: CVE-2019-15846
Version(s): up to and including 4.92.1
Issue: A local or remote attacker can execute programs with root
privileges.
Details: Will be made public at CRD.
Coordinated Release Date (CRD) for Exim 4.92.2: 2019-09-06 10:00 UTC
Contact: security@exim.org
Proposed Timeline
=================
2019-09-03:
- initial notification to distros@openwall.org and
exim-maintainers@exim.org
2019-09-04: <-- NOW
- This Heads-up notice to oss-security@lists.openwall.com,
exim-users@exim.org, and exim-announce@exim.org
2019-09-06 10:00 UTC:
- Coordinated relase date
- Publish the patches in our official and public Git repositories
and the packages on our FTP server.
Downloads available starting at CRD
====================================
The downloads are not yet available. They will be made available
at the above mentioned CRD.
Release tarballs (exim-4.92.2):
https://ftp.exim.org/pub/exim/exim4/
The package files are signed with my GPG key.
The full Git repo:
https://git.exim.org/exim.git
https://github.com/Exim/exim [mirror of the above]
- tag exim-4.92.2
- branch exim-4.92.2+fixes
The tagged commit is the officially released version. The tag is signed
with my GPG key. The +fixes branch isn't officially maintained, but
contains useful patches *and* the security fix. The relevant commit is
signed with my GPG key. The old exim-4.92.1+fixes branch is being functionally
replaced by the new exim-4.92.2+fixes branch.
|