X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/1971afc2ca8c0320a24bc2bd1b55b33b40174e5f..29ed6255443ddd8c3248415c80201169e4f2e8a4:/templates/static/doc/security/CVE-2023-zdi.txt?ds=sidebyside diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt index 5edb2ec..3b45efd 100644 --- a/templates/static/doc/security/CVE-2023-zdi.txt +++ b/templates/static/doc/security/CVE-2023-zdi.txt @@ -20,11 +20,30 @@ on or off. resolver (which does validation of the data it receives), you're not affected. We're working on a fix. -Schedule +Timeline -------- -Currently we're in contact with the major distros and aim to release -those fixes that are available as soon as possible. (Aiming Monday, Oct -2nd.) +- 2023-10-03 12:00 UTC + - The available fixes are published. + - A security release exim-4.96.1 is published. + - The major distributions follow. + +More patches will follow (coordinated with the major distros) as soon as +they're available. + +Distribution points: +-------------------- +- git://git.exim.org + branches: + - spa-auth-fixes (based on the current master) [commit IDs: 7bb5bc2c6 0519dcfb5 e17b8b0f1 04107e98d] + - exim-4.96+security (based on exim-4.96) [gpg signed] + - exim-4.96.1+fixes (based on exim-4.96.1 with the fixes from exim-4.96+fixes) [gpg signed] + tags: + - exim-4.96.1 [gpg signed] + +- tarballs for exim-4.96.1: https://ftp.exim.org/pub/exim/exim4/ [gpg signed] + +GPG signatures are made by me (hs@schlittermann.de, or Jeremy Harris +jgh@wizmail.org). More Details 
@@ -68,12 +87,10 @@ Subject: libspf2 Integer Underflow CVSS Score: 7.5 Mitigation: Do not use the `spf` condition in your ACL Subsystem: spf -Remark: It is debatable if this should be filed against - libspf2. There are hints (simon, #Exim IRC) that this - is related to - https://github.com/shevek/libspf2/pull/44 +Remark: This CVE should be filed against libspf2. + See: https://github.com/shevek/libspf2/issues/45 -ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033 +ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033 ------------------------------------------------------------ Subject: dnsdb Out-Of-Bounds Read CVSS Score: 3.1
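Review bot: The last added lines of the first hunk (-20,11 +20,30), "GPG signatures are made by me (hs@schlittermann.de, or Jeremy Harris jgh@wizmail.org)", do not let a reader decide which key a valid signature must come from. "me" is unnamed in a text file that carries no author line in the visible context, the parenthesis wraps both signers so it reads as if both addresses belong to one person, and no key fingerprint is given. Suggest naming both signers and listing the full fingerprint of each signing key, or pointing to where the keys are published, so that the "[gpg signed]" markers on the branches, the exim-4.96.1 tag and the tarballs can be checked. In the same hunk, spa-auth-fixes is the only branch without "[gpg signed]" and is pinned only by abbreviated commit IDs; state that it is unsigned or give full hashes. The description of exim-4.96.1+fixes refers to "exim-4.96+fixes", which is not among the branches listed here (the list has exim-4.96+security), so the name should be confirmed. Finally, the unchanged context line "We're working on a fix." now sits directly above a timeline saying the available fixes are published and should be reworded to match.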
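Review bot: In the libspf2 entry of the second hunk (-68,12 +87,10), the new Remark, "This CVE should be filed against libspf2", leaves the reader without a fix status for this item. The Mitigation line "Do not use the `spf` condition in your ACL" is unchanged, so it is unclear whether exim-4.96.1 changes anything here or whether the mitigation stays in force until libspf2 itself is updated; one sentence saying so would help operators who read only this entry. The replacement also drops the link to https://github.com/shevek/libspf2/pull/44 in favour of issues/45; if the pull request is still believed relevant, keep both references, otherwise say that it is not. On the last changed line, the identifier is corrected from CVE-2023-42219 to CVE-2023-42119: check the rest of the file and any announcement that quoted the old value so the dnsdb entry is referenced consistently.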