Bug#992172: exim4: CVE-2021-38371
Andreas Metzler
ametzler at bebt.de
Sun Aug 15 06:21:40 BST 2021
On 2021-08-14 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: exim4
> Version: 4.94.2-7
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
> Hi,
> The following vulnerability was published for exim4, this is to start
> tracking the issue downstream for us. Note that at time of writing [2]
> still gives a 404.
> CVE-2021-38371[0]:
> | The STARTTLS feature in Exim through 4.94.2 allows response injection
> | (buffering) during MTA SMTP sending.
[...]
IIRC that is mitigated in experimental (4.95 rc) by ALPN and unknown
command related changes, I will not be able to check in detail for a
week or so, though.
cu Andreas