X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/1ee9ce7fc935acb50611b975a940f68e23eaf42d..bd11ece7f9bcdafc7e12b1f085b9b03645cafbf9:/templates/static/doc/security/CVE-2018-6789.txt diff --git a/templates/static/doc/security/CVE-2018-6789.txt b/templates/static/doc/security/CVE-2018-6789.txt index c881b67..3db7935 100644 --- a/templates/static/doc/security/CVE-2018-6789.txt +++ b/templates/static/doc/security/CVE-2018-6789.txt @@ -1,28 +1,16 @@ CVE-2018-6789 ============= -There is a buffer overflow in an utility function, if some pre-conditions -are met. Using a handcrafted message, remote code execution seems to be -possible. +There is a buffer overflow in base64d(), if some pre-conditions are met. +Using a handcrafted message, remote code execution seems to be possible. A patch exists already and is being tested. Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known. -Next steps: - -* t0: Distros will get access to our non-public security git repo - (based on the SSH keys known to us) - - ssh://git@exim.org/exim.git tag: exim-4_90_1 - ssh://git@exim.org/exim-packages.git tag: exim-4_90_1 - -* t0 +7d: Patch will be published on the official public git repo - - Timeline (UTC) --------- +-------------- * 2018-02-05 Report from Meh Chang via exim-security mailing list * 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) @@ -31,6 +19,5 @@ Timeline (UTC) mailing lists and on oss-security mailing list * 2018-02-08 16:50 Grant restricted access to the security repo for distro maintainers - -scheduled: -* 2018-02-15 16:50 Grant public access to the our official git repo. +* 2018-02-09 One distro breaks the embargo +* 2018-02-10 18:00 Grant public access to the our official git repo.