X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/bf3d7c753aae8288792a8b817669fab2bccacd46..HEAD:/templates/static/doc/security/CVE-2018-6789.txt

diff --git a/templates/static/doc/security/CVE-2018-6789.txt b/templates/static/doc/security/CVE-2018-6789.txt
index d883939..3db7935 100644
--- a/templates/static/doc/security/CVE-2018-6789.txt
+++ b/templates/static/doc/security/CVE-2018-6789.txt
@@ -1,28 +1,23 @@
 CVE-2018-6789
 =============
 
-There is a buffer overflow in an utility function, if some pre-conditions
-are met.  Using a handcrafted message, remote code execution seems to be
-possible.
+There is a buffer overflow in base64d(), if some pre-conditions are met.
+Using a handcrafted message, remote code execution seems to be possible.
 
 A patch exists already and is being tested.
 
 Currently we're unsure about the severity, we *believe*, an exploit
 is difficult. A mitigation isn't known.
 
-Next steps:
-
-* t0:     Distros will get access to our "security" non-public git repo
-          (based on the SSH keys known to us)
-* t0 +7d: Patch will be published on the official public git repo
-
-t0 will be around 2018-02-08.
-
-Timeline
---------
+Timeline (UTC)
+--------------
 
 * 2018-02-05 Report from Meh Chang <meh@devco.re> via exim-security mailing list
 * 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
              CVE-2018-6789
 * 2018-02-07 Announcement to the public via exim-users, exim-maintainers
              mailing lists and on oss-security mailing list
+* 2018-02-08 16:50 Grant restricted access to the security repo for
+             distro maintainers
+* 2018-02-09 One distro breaks the embargo
+* 2018-02-10 18:00 Grant public access to the our official git repo.