place a hint on the libspf2 issue

author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)
author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)
diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt

index a9dc5383c59e067cf7a623cf4204048db02974b8..5edb2ec0bbf7c3c8fb864e85d03e502955589872 100644 (file)
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -69,7 +69,9 @@ CVSS Score: 7.5
  Mitigation: Do not use the `spf` condition in your ACL
  Subsystem:  spf
  Remark:     It is debatable if this should be filed against
-            libspf2.
+            libspf2. There are hints (simon, #Exim IRC) that this
+           is related to
+           https://github.com/shevek/libspf2/pull/44
  
  ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033
  ------------------------------------------------------------
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Mon, 2 Oct 2023 06:44:40 +0000 (08:44 +0200)