X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/972bf4cf321710c3273071dd73b02800c36bd389..29ed6255443ddd8c3248415c80201169e4f2e8a4:/templates/static/doc/security/CVE-2023-zdi.txt?ds=inline

diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index ceb4313..3b45efd 100644
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -20,10 +20,15 @@ on or off.
   resolver (which does validation of the data it receives), you're not
   affected. We're working on a fix.
 
-Schedule
+Timeline
 --------
-The available fixes will be published on Monday, Oct 2nd, 12:00 UTC.
-A security release exim-4.96.1 will be published at the same time.
+- 2023-10-03 12:00 UTC 
+  - The available fixes are published.
+  - A security release exim-4.96.1 is published.
+  - The major distributions follow.
+
+More patches will follow (coordinated with the major distros) as soon as
+they're available.
 
 Distribution points:
 --------------------
@@ -82,12 +87,10 @@ Subject:    libspf2 Integer Underflow
 CVSS Score: 7.5
 Mitigation: Do not use the `spf` condition in your ACL
 Subsystem:  spf
-Remark:     It is debatable if this should be filed against
-            libspf2. There are hints (simon, #Exim IRC) that this
-	    is related to
-	    https://github.com/shevek/libspf2/pull/44
+Remark:     This CVE should be filed against libspf2.
+            See: https://github.com/shevek/libspf2/issues/45
 
-ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033
+ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033
 ------------------------------------------------------------
 Subject:    dnsdb Out-Of-Bounds Read
 CVSS Score: 3.1