clear statement on CVE-2023-42118

author Simon Arlott <simon@arlott.org>

Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)
author Simon Arlott <simon@arlott.org>
Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)
diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt

index 7e8b0fc79cb0a4fe9d316ec988dfff19703e26de..3b45efd74aef496f368e82dcd8bd5245a936fd3e 100644 (file)
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -87,10 +87,8 @@ Subject:    libspf2 Integer Underflow
  CVSS Score: 7.5
  Mitigation: Do not use the `spf` condition in your ACL
  Subsystem:  spf
-Remark:     It is debatable if this should be filed against
-            libspf2. There are hints (simon, #Exim IRC) that this
-           is related to
-           https://github.com/shevek/libspf2/pull/44
+Remark:     This CVE should be filed against libspf2.
+            See: https://github.com/shevek/libspf2/issues/45
  
  ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033
  ------------------------------------------------------------
author	Simon Arlott <simon@arlott.org>
	Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Fri, 6 Oct 2023 07:08:22 +0000 (09:08 +0200)