X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/dafbf397e6d3462ef3c8a7d356b269604d9e044f..23ffb224862d37e6fa8dd8e192120efaa35e5a98:/templates/static/doc/security/CVE-2019-10149.txt diff --git a/templates/static/doc/security/CVE-2019-10149.txt b/templates/static/doc/security/CVE-2019-10149.txt index d24cd86..6710d8d 100644 --- a/templates/static/doc/security/CVE-2019-10149.txt +++ b/templates/static/doc/security/CVE-2019-10149.txt @@ -2,7 +2,7 @@ CVE-2019-10149 Exim 4.87 to 4.91 ================================ We received a report of a possible remote exploit. Currently there is no -evidenice of an active use of this exploit. +evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87. @@ -23,7 +23,9 @@ Next steps: the fixed source to the official and public Git repo. t0 is expected to be 2019-06-04, 10:00 UTC -t0+7d is expected to be 2019-06-04, 10:00 UTC +t0+7d is expected to be 2019-06-11, 10:00 UTC + +UPDATE: Details leaked, CRD is re-scheduled to 2019-06-05 15:15 UTC. Timeline @@ -32,16 +34,7 @@ Timeline * 2019-05-27 Report from Qualys to exim-security list * 2019-05-27 Patch provided by Jeremy Harris * 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat -* 2019-06-03 This announcement - -Updates will follow, here and on -http://www.exim.org/static/doc/security/CVE-2019-10149.txt - - Best regards from Dresden/Germany - Viele Grüße aus Dresden - Heiko Schlittermann --- - SCHLITTERMANN.de ---------------------------- internet & unix support - - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - - gnupg encrypted messages are welcome --------------- key ID: F69376CE - - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ - +* 2019-06-03 This announcement to exim-users, oss-security +* 2019-06-04 10:00 UTC Grant restricted access to the non-public Git repo. +* 2019-06-04 This announcement to exim-maintainers, exim-announce, distros +* 2019-06-05 15:15 UTC Release the fix to the public