From: Heiko Schlittermann (HS12-RIPE) Date: Mon, 2 Oct 2023 06:44:40 +0000 (+0200) Subject: place a hint on the libspf2 issue X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/1971afc2ca8c0320a24bc2bd1b55b33b40174e5f place a hint on the libspf2 issue --- diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt index a9dc538..5edb2ec 100644 --- a/templates/static/doc/security/CVE-2023-zdi.txt +++ b/templates/static/doc/security/CVE-2023-zdi.txt @@ -69,7 +69,9 @@ CVSS Score: 7.5 Mitigation: Do not use the `spf` condition in your ACL Subsystem: spf Remark: It is debatable if this should be filed against - libspf2. + libspf2. There are hints (simon, #Exim IRC) that this + is related to + https://github.com/shevek/libspf2/pull/44 ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033 ------------------------------------------------------------