chg: add note about CVE-2021-38371 about not being a problem

author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Mon, 20 Mar 2023 10:14:19 +0000 (11:14 +0100)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Mon, 20 Mar 2023 10:14:30 +0000 (11:14 +0100)
author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 20 Mar 2023 10:14:19 +0000 (11:14 +0100)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 20 Mar 2023 10:14:30 +0000 (11:14 +0100)
diff --git a/templates/static/doc/security/CVE-2021-38371.txt b/templates/static/doc/security/CVE-2021-38371.txt

index dfb748ba9004ee573690f6c2d223a32b4b8d8dec..f24609a22022e366807be193aa534e236d0a5c5b 100644 (file)
--- a/templates/static/doc/security/CVE-2021-38371.txt
+++ b/templates/static/doc/security/CVE-2021-38371.txt
@@ -5,6 +5,9 @@ Reporter:   Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel
  Reference:  https://nostarttls.secvuln.info/
  Issue:      Possible MitM attack on STARTTLS when Exim is *sending* email.
  
+** The Exim developers do not consider this issue as a security problem.
+** Additionally, we do not have any feedback about a successful attack
+** using the scenario described below.
  
  Conditions to be vulnerable
  ===========================
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Mon, 20 Mar 2023 10:14:19 +0000 (11:14 +0100)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Mon, 20 Mar 2023 10:14:30 +0000 (11:14 +0100)