From: Simon Arlott <simon@arlott.org>
Date: Fri, 6 Oct 2023 07:08:22 +0000 (+0200)
Subject: clear statement on CVE-2023-42118
X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/29ed6255443ddd8c3248415c80201169e4f2e8a4

clear statement on CVE-2023-42118
---

diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index 7e8b0fc..3b45efd 100644
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -87,10 +87,8 @@ Subject:    libspf2 Integer Underflow
 CVSS Score: 7.5
 Mitigation: Do not use the `spf` condition in your ACL
 Subsystem:  spf
-Remark:     It is debatable if this should be filed against
-            libspf2. There are hints (simon, #Exim IRC) that this
-	    is related to
-	    https://github.com/shevek/libspf2/pull/44
+Remark:     This CVE should be filed against libspf2.
+            See: https://github.com/shevek/libspf2/issues/45
 
 ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033
 ------------------------------------------------------------