================================
We received a report of a possible remote exploit. Currently there is no
-evidenice of an active use of this exploit.
+evidence of an active use of this exploit.
A patch exists already, is being tested, and backported to all
versions we released since (and including) 4.87.
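Review bot: "Currently" in the sentence touched by this spelling fix carries no date, and the same patch adds an UPDATE further down stating that details leaked. Consider anchoring the statement to a date (for example the 2019-06-03 announcement date from the timeline) so readers can tell which state of knowledge it reflects once the file has been revised several times.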
the fixed source to the official and public Git repo.
t0 is expected to be 2019-06-04, 10:00 UTC
-t0+7d is expected to be 2019-06-04, 10:00 UTC
+t0+7d is expected to be 2019-06-11, 10:00 UTC
+
+UPDATE: Details leaked, CRD is re-scheduled to 2019-06-05 15:15 UTC.
Timeline
* 2019-05-27 Report from Qualys to exim-security list
* 2019-05-27 Patch provided by Jeremy Harris
* 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat
-* 2019-06-03 This announcement
-
-Updates will follow, here and on
-http://www.exim.org/static/doc/security/CVE-2019-10149.txt
-
- Best regards from Dresden/Germany
- Viele Grüße aus Dresden
- Heiko Schlittermann
---
- SCHLITTERMANN.de ---------------------------- internet & unix support -
- Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
- gnupg encrypted messages are welcome --------------- key ID: F69376CE -
- ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
+* 2019-06-03 This announcement to exim-users, oss-security
+* 2019-06-04 10:00 UTC Grant restricted access to the non-public Git repo.
+* 2019-06-04 This announcement to exim-maintainers, exim-announce, distros
+* 2019-06-05 15:15 UTC Release the fix to the public
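Review bot: the corrected line "t0+7d is expected to be 2019-06-11, 10:00 UTC" is contradicted two lines later by the added UPDATE, which moves the CRD to 2019-06-05 15:15 UTC, and by the new timeline entry that gives the same 2019-06-05 15:15 UTC for the public release. Leaving both dates in the text invites readers to plan around the wrong one; suggest replacing the t0+7d line with the rescheduled date or marking it explicitly as superseded. The timeline also has no dated entry for the leak that triggered the rescheduling, so the reason for the shortened embargo is only visible in the UPDATE line; adding one would keep the timeline self-contained. "CRD" is not expanded anywhere in the visible lines and is worth spelling out at first use.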