From: Heiko Schlittermann (HS12-RIPE) Date: Mon, 20 Mar 2023 10:14:19 +0000 (+0100) Subject: chg: add note about CVE-2021-38371 about not being a problem X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/ba0da048589d0c808f3161ea03de19d3bb2adc17 chg: add note about CVE-2021-38371 about not being a problem --- diff --git a/templates/static/doc/security/CVE-2021-38371.txt b/templates/static/doc/security/CVE-2021-38371.txt index dfb748b..f24609a 100644 --- a/templates/static/doc/security/CVE-2021-38371.txt +++ b/templates/static/doc/security/CVE-2021-38371.txt @@ -5,6 +5,9 @@ Reporter: Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel Reference: https://nostarttls.secvuln.info/ Issue: Possible MitM attack on STARTTLS when Exim is *sending* email. +** The Exim developers do not consider this issue as a security problem. +** Additionally, we do not have any feedback about a successful attack +** using the scenario described below. Conditions to be vulnerable ===========================