From: Heiko Schlittermann (HS12-RIPE) Date: Wed, 7 Feb 2018 10:20:15 +0000 (+0100) Subject: Add CVE-2018-6789 to security/ X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/bf3d7c753aae8288792a8b817669fab2bccacd46 Add CVE-2018-6789 to security/ --- diff --git a/templates/static/doc/security/CVE-2018-6789.txt b/templates/static/doc/security/CVE-2018-6789.txt new file mode 100644 index 0000000..d883939 --- /dev/null +++ b/templates/static/doc/security/CVE-2018-6789.txt @@ -0,0 +1,28 @@ +CVE-2018-6789 +============= + +There is a buffer overflow in an utility function, if some pre-conditions +are met. Using a handcrafted message, remote code execution seems to be +possible. + +A patch exists already and is being tested. + +Currently we're unsure about the severity, we *believe*, an exploit +is difficult. A mitigation isn't known. + +Next steps: + +* t0: Distros will get access to our "security" non-public git repo + (based on the SSH keys known to us) +* t0 +7d: Patch will be published on the official public git repo + +t0 will be around 2018-02-08. + +Timeline +-------- + +* 2018-02-05 Report from Meh Chang via exim-security mailing list +* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) + CVE-2018-6789 +* 2018-02-07 Announcement to the public via exim-users, exim-maintainers + mailing lists and on oss-security mailing list
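Review bot: The opening paragraph of the new CVE-2018-6789.txt does not say which Exim versions are affected, so an operator reading this page cannot tell whether they are exposed. Consider adding an "Affected versions" line, even if for now it only states that this is still being determined. In "Next steps", "t0 will be around 2018-02-08" leaves the public patch date ("t0 +7d") for the reader to work out; stating the resulting calendar date, and updating the file once t0 is fixed, would remove the ambiguity. The text also never names the "utility function" or the "pre-conditions"; if that is deliberate during the embargo, a sentence saying that details follow with the public patch would make it clear. Minor wording: "an utility function" should read "a utility function", and "Currently we're unsure about the severity, we *believe*, an exploit is difficult" is a comma splice that reads better as two sentences.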