From: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Mon, 20 Mar 2023 10:14:19 +0000 (+0100)
Subject: chg: add note about CVE-2021-38371 about not being a problem
X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/ba0da048589d0c808f3161ea03de19d3bb2adc17

chg: add note about CVE-2021-38371 about not being a problem
---

diff --git a/templates/static/doc/security/CVE-2021-38371.txt b/templates/static/doc/security/CVE-2021-38371.txt
index dfb748b..f24609a 100644
--- a/templates/static/doc/security/CVE-2021-38371.txt
+++ b/templates/static/doc/security/CVE-2021-38371.txt
@@ -5,6 +5,9 @@ Reporter:   Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel
 Reference:  https://nostarttls.secvuln.info/
 Issue:      Possible MitM attack on STARTTLS when Exim is *sending* email.
 
+** The Exim developers do not consider this issue as a security problem.
+** Additionally, we do not have any feedback about a successful attack
+** using the scenario described below.
 
 Conditions to be vulnerable
 ===========================