the standard configuration your Exim runtime configuration is. The
closer the better.
+Exim 4.92 is not vulnerable.
+
Next steps:
-* t0: Distros will get access to our non-public security Git repo
+* t0: Distros will get access to our non-public security Git repo
(access is granted based on the SSH keys that are known to us)
* t0+7d: Coordinated Release Date: Distros should push the patched
version to their repos. The Exim maintainers will publish
- the fixed source to the official and public Git repo.
+ the fixed source to the official and public Git repo.
-t0 is expected to be 2019-06-04, 10:00 UTC
+t0 is expected to be 2019-06-04, 10:00 UTC
+t0+7d is expected to be 2019-06-11, 10:00 UTC
Timeline
* 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat
* 2019-06-03 This announcement
-Updates will follow, here and on https://exim.org/security/CVE-2019-10149.txt
+Updates will follow, here and on
+http://www.exim.org/static/doc/security/CVE-2019-10149.txt
Best regards from Dresden/Germany
Viele Grüße aus Dresden