X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/34b1e5ae83c5d8f79a32f514db1b9a09f42eb049..8180c0d5a3d0823641d65535c70fb52900926060:/templates/static/doc/security/CVE-2019-10149.txt?ds=sidebyside diff --git a/templates/static/doc/security/CVE-2019-10149.txt b/templates/static/doc/security/CVE-2019-10149.txt index 31a91b6..6710d8d 100644 --- a/templates/static/doc/security/CVE-2019-10149.txt +++ b/templates/static/doc/security/CVE-2019-10149.txt @@ -2,7 +2,7 @@ CVE-2019-10149 Exim 4.87 to 4.91 ================================ We received a report of a possible remote exploit. Currently there is no -evidenice of an active use of this exploit. +evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87. @@ -15,14 +15,17 @@ Exim 4.92 is not vulnerable. Next steps: -* t0: Distros will get access to our non-public security Git repo +* t0: Distros will get access to our non-public security Git repo (access is granted based on the SSH keys that are known to us) * t0+7d: Coordinated Release Date: Distros should push the patched version to their repos. The Exim maintainers will publish - the fixed source to the official and public Git repo. + the fixed source to the official and public Git repo. -t0 is expected to be 2019-06-04, 10:00 UTC +t0 is expected to be 2019-06-04, 10:00 UTC +t0+7d is expected to be 2019-06-11, 10:00 UTC + +UPDATE: Details leaked, CRD is re-scheduled to 2019-06-05 15:15 UTC. Timeline 
@@ -31,16 +34,7 @@ Timeline * 2019-05-27 Report from Qualys to exim-security list * 2019-05-27 Patch provided by Jeremy Harris * 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat -* 2019-06-03 This announcement - -Updates will follow, here and on -http://www.exim.org/static/doc/security/CVE-2019-10149.txt - - Best regards from Dresden/Germany - Viele Grüße aus Dresden - Heiko Schlittermann --- - SCHLITTERMANN.de ---------------------------- internet & unix support - - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - - gnupg encrypted messages are welcome --------------- key ID: F69376CE - - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ - +* 2019-06-03 This announcement to exim-users, oss-security +* 2019-06-04 10:00 UTC Grant restricted access to the non-public Git repo. +* 2019-06-04 This announcement to exim-maintainers, exim-announce, distros +* 2019-06-05 15:15 UTC Release the fix to the public
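Review bot: the sentence kept as context in the first hunk (@@ -2,7 +2,7), "Currently there is no evidence of an active use of this exploit.", carries no date, while this same patch adds "UPDATE: Details leaked" further down. "Currently" now spans two revisions of the advisory, so consider stating the date as of which it held, or re-confirming it next to the leak update, so that readers triaging their exposure know whether the statement still applies.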
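Review bot: in the second hunk (@@ -15,14 +15,17), the added line "t0+7d is expected to be 2019-06-11, 10:00 UTC" is contradicted two lines later by the added "UPDATE: Details leaked, CRD is re-scheduled to 2019-06-05 15:15 UTC.", and the "t0+7d: Coordinated Release Date" bullet is left unchanged. A packager reading top-down sees 2019-06-11 first. Suggest marking the t0+7d date as superseded (or dropping it) and spelling the abbreviation out once as "Coordinated Release Date (CRD)", since "CRD" is not otherwise defined in the text. The -/+ pairs for "t0: Distros will get access ..." and "the fixed source to the official and public Git repo." show no visible text change; if they are whitespace-only, a word in the commit message would save reviewers from diffing them by eye.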
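Review bot: the timeline in the third hunk (@@ -31,16 +34,7) has no entry for the leak that the UPDATE line gives as the reason for moving the release date, and the two new timed entries ("Grant restricted access to the non-public Git repo.", "Release the fix to the public") are worded as planned actions in a list of past events. Suggest adding a dated entry for the leak and wording the entries consistently, so it is clear which steps have already happened. This hunk also removes "Updates will follow, here and on http://www.exim.org/static/doc/security/CVE-2019-10149.txt"; the timeline says the text goes out to several lists, so keeping a pointer to the canonical copy would let recipients of a forwarded announcement find the latest revision.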