[Secure-testing-commits] r58016 - data/CVE

Sat Nov 25 11:44:02 UTC 2017

Author: jmm
Date: 2017-11-25 11:44:02 +0000 (Sat, 25 Nov 2017)
New Revision: 58016

Modified:
   data/CVE/list
Log:
add note for exim


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-11-25 10:42:39 UTC (rev 58015)
+++ data/CVE/list	2017-11-25 11:44:02 UTC (rev 58016)
@@ -3,7 +3,8 @@
 	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
 	[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
-	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.htm
+	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
+	NOTE: 4.89-10 adds a workaround which disables the affected code by default
 CVE-2017-XXXX [Exim use-after-free vulnerability while reading mail header]
 	- exim4 <unfixed> (bug #882648)
 	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
@@ -11,6 +12,7 @@
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2199
 	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
 	NOTE: https://twitter.com/philpennock/status/934270613811875840
+	NOTE: 4.89-10 adds a workaround which disables the affected code by default
 CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of ...)
 	TODO: check
 CVE-2017-16940


