[Secure-testing-commits] r58014 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Nov 25 09:38:26 UTC 2017
Author: carnil
Date: 2017-11-25 09:38:26 +0000 (Sat, 25 Nov 2017)
New Revision: 58014
Modified:
data/CVE/list
Log:
Split up exim4 entry to two, since upstream requested two CVEs and are two different bugs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-25 09:35:40 UTC (rev 58013)
+++ data/CVE/list 2017-11-25 09:38:26 UTC (rev 58014)
@@ -1,9 +1,14 @@
-CVE-2017-XXXX [exim4: remote code execution in chunking]
+CVE-2017-XXXX [Exim handles BDAT data incorrectly and leads to crash]
+ - exim4 <unfixed>
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
+ NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.htm
+CVE-2017-XXXX [Exim use-after-free vulnerability while reading mail header]
- exim4 <unfixed> (bug #882648)
[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2199
NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- NOTE: https://twitter.com/philpennock/status/934270613811875840
+ NOTE: https://twitter.com/philpennock/status/934270613811875840
CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of ...)
TODO: check
CVE-2017-16940
More information about the Secure-testing-commits
mailing list