X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/ffa8e8b289446bd1ec330024231506afdb930b43..a5db00a3c48584409e216f56e136abf4c8488cba:/templates/static/doc/security/CVE-2019-10149.txt diff --git a/templates/static/doc/security/CVE-2019-10149.txt b/templates/static/doc/security/CVE-2019-10149.txt index 49e43a3..6710d8d 100644 --- a/templates/static/doc/security/CVE-2019-10149.txt +++ b/templates/static/doc/security/CVE-2019-10149.txt @@ -2,7 +2,7 @@ CVE-2019-10149 Exim 4.87 to 4.91 ================================ We received a report of a possible remote exploit. Currently there is no -evidenice of an active use of this exploit. +evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87. @@ -25,6 +25,8 @@ Next steps: t0 is expected to be 2019-06-04, 10:00 UTC t0+7d is expected to be 2019-06-11, 10:00 UTC +UPDATE: Details leaked, CRD is re-scheduled to 2019-06-05 15:15 UTC. + Timeline -------- @@ -32,16 +34,7 @@ Timeline * 2019-05-27 Report from Qualys to exim-security list * 2019-05-27 Patch provided by Jeremy Harris * 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat -* 2019-06-03 This announcement - -Updates will follow, here and on -http://www.exim.org/static/doc/security/CVE-2019-10149.txt - - Best regards from Dresden/Germany - Viele Grüße aus Dresden - Heiko Schlittermann --- - SCHLITTERMANN.de ---------------------------- internet & unix support - - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - - gnupg encrypted messages are welcome --------------- key ID: F69376CE - - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ - +* 2019-06-03 This announcement to exim-users, oss-security +* 2019-06-04 10:00 UTC Grant restricted access to the non-public Git repo. +* 2019-06-04 This announcement to exim-maintainers, exim-announce, distros +* 2019-06-05 15:15 UTC Release the fix to the public