Bug#988086: Exim delivery process crashes on each mail with NULL-pointer

halfdog me at halfdog.net
Wed May 5 13:40:20 BST 2021


Adam D. Barratt writes:
> On Wed, 2021-05-05 at 11:07 +0000, halfdog wrote:
>> This is weird: I have only bullseye/bullseye-updates/bullseye-security
>> in my sources list. I applied all updates on 2nd of May with
>> no Exim package available. Then after the 21nails disclosure
>> I ran the updates (timestamps in UTC):
>> 
>> 2021-05-02 07:05:31 status installed initramfs-tools:all 0.140
>> ...
>> 2021-05-04 16:49:48 upgrade exim4-daemon-light:amd64 4.94-17 4.94-19
>> 
>> But there is no transaction for 4.94-19 in PTS between these
>> two dates, next is
>>
>> [2021-05-05] exim4 4.94-19 MIGRATED to testing (Debian testing
>> watch) 
>
> The "testing watch" script only runs daily, in the early morning UTC.
> The 4.94-19 package actually migrated on the morning of the 4th (again
> UTC):
>
> 20210504101451|control-suite|dak|added|testing|exim4 4.94-19 source
>
> The upload including the 21nails fixes is:
>
> 20210504134823|process-upload|dak|ACCEPT|exim4_4.94.2-1_multi.changes

Thanks, that explains the timeline.

I am now at

ii  exim4-daemon-light            4.94.2-1                       amd64        lightweight Exim MTA (v4) daemon

At least it does not segfault on locally generated messages as
the 4.94-19 package did. What a weird coincidence that the 4.94-19
seemed to crash exactly around that part of code that seemed
to be related to CVE-2020-28007.

Regards,
hd


