Bug#1053310: exim4-base: Various severe CVE reports are outstanding

Andreas Metzler ametzler at bebt.de
Sun Oct 1 14:01:07 BST 2023


On 2023-10-01 Rainer Dorsch <ml at bokomoko.de> wrote:
> Package: exim4-base
> Version: 4.94.2-7
> Severity: critical
> Justification: breaks the whole system

> Dear Maintainer,

> *** Reporter, please consider answering these questions, where appropriate ***

> There are various CVE report with a rating of 9.8/10.

> CVE-2023-42119
> CVE-2023-42118
> CVE-2023-42117
> CVE-2023-42116
> CVE-2023-42115
> CVE-2023-42114

> It would help if there would be a statement by the Debian exim
> maintainer team, by when updates are expected to arrive.

> This would at least help to judge, if I should migrate my systems to
> postfix or if I can wait for a bugfix.
[...]

Hello Rainer,

Upstream is coordinating with various Linux distribution on the timing
of the update. I cannot publish these confidential communications.

cu Andreas



More information about the Pkg-exim4-maintainers mailing list