Bug#890000: exim4: CVE-2018-6789
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 9 21:01:03 UTC 2018
Source: exim4
Version: 4.90-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for exim4 (actually not
really the details, filling the bug for having a tracking bug in the
BTS).
CVE-2018-6789[0]:
| An issue was discovered in the SMTP listener in Exim 4.90 and earlier.
| By sending a handcrafted message, a buffer overflow may happen in a
| specific function. This can be used to execute code remotely.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-6789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
[1] https://exim.org/static/doc/security/CVE-2018-6789.txt
Please adjust the affected versions in the BTS as needed, when issue
goes public with details and possibly adjust severity.
Regards,
Salvatore
More information about the Pkg-exim4-maintainers
mailing list