From 29ed6255443ddd8c3248415c80201169e4f2e8a4 Mon Sep 17 00:00:00 2001 From: Simon Arlott Date: Fri, 6 Oct 2023 09:08:22 +0200 Subject: [PATCH] clear statement on CVE-2023-42118 --- templates/static/doc/security/CVE-2023-zdi.txt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt index 7e8b0fc..3b45efd 100644 --- a/templates/static/doc/security/CVE-2023-zdi.txt +++ b/templates/static/doc/security/CVE-2023-zdi.txt @@ -87,10 +87,8 @@ Subject: libspf2 Integer Underflow CVSS Score: 7.5 Mitigation: Do not use the `spf` condition in your ACL Subsystem: spf -Remark: It is debatable if this should be filed against - libspf2. There are hints (simon, #Exim IRC) that this - is related to - https://github.com/shevek/libspf2/pull/44 +Remark: This CVE should be filed against libspf2. + See: https://github.com/shevek/libspf2/issues/45 ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033 ------------------------------------------------------------ -- 2.30.2