From 1971afc2ca8c0320a24bc2bd1b55b33b40174e5f Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Mon, 2 Oct 2023 08:44:40 +0200
Subject: [PATCH] place a hint on the libspf2 issue

---
 templates/static/doc/security/CVE-2023-zdi.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index a9dc538..5edb2ec 100644
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -69,7 +69,9 @@ CVSS Score: 7.5
 Mitigation: Do not use the `spf` condition in your ACL
 Subsystem:  spf
 Remark:     It is debatable if this should be filed against
-            libspf2.
+            libspf2. There are hints (simon, #Exim IRC) that this
+	    is related to
+	    https://github.com/shevek/libspf2/pull/44
 
 ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033
 ------------------------------------------------------------
-- 
2.30.2