From 4afe2c50eeb22d67679311f19f98e81ead822240 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 3 Jun 2019 15:50:12 +0200 Subject: [PATCH] Add CVE-2019-10149 --- .../static/doc/security/CVE-2019-10149.txt | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 templates/static/doc/security/CVE-2019-10149.txt diff --git a/templates/static/doc/security/CVE-2019-10149.txt b/templates/static/doc/security/CVE-2019-10149.txt new file mode 100644 index 0000000..cb5a646 --- /dev/null +++ b/templates/static/doc/security/CVE-2019-10149.txt 
@@ -0,0 +1,43 @@ +CVE-2019-10149 Exim 4.87 to 4.91 +================================ + +We received a report of a possible remote exploit. Currently there is no +evidenice of an active use of this exploit. + +A patch exists already, is being tested, and backported to all +versions we released since (and including) 4.87. + +The severity depends on your configuration. It depends on how close to +the standard configuration your Exim runtime configuration is. The +closer the better. + +Next steps: + +* t0: Distros will get access to our non-public security Git repo + (access is granted based on the SSH keys that are known to us) + +* t0+7d: Coordinated Release Date: Distros should push the patched + version to their repos. The Exim maintainers will publish + the fixed source to the official and public Git repo. + +t0 is expected to be 2019-06-04, 10:00 UTC + + +Timeline +-------- + +* 2019-05-27 Report from Qualys to exim-security list +* 2019-05-27 Patch provided by Jeremy Harris +* 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat +* 2019-06-03 This announcement + +Updates will follow, here and on https://exim.org/security/CVE-2019-10149.txt + + Best regards from Dresden/Germany + Viele Grüße aus Dresden + Heiko Schlittermann +-- + SCHLITTERMANN.de ---------------------------- internet & unix support - + Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - + gnupg encrypted messages are welcome --------------- key ID: F69376CE - + ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ - -- 2.30.2
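Review bot: In the second paragraph of the new CVE-2019-10149.txt, "evidenice" should be "evidence" ("+evidenice of an active use of this exploit."); this is worth fixing before the file is published, since advisories are quoted verbatim downstream. In the "Next steps" list, t0 gets an expected absolute date but "t0+7d" does not, so consider spelling out the resulting Coordinated Release Date next to it so distros do not have to compute it. The closing line "Updates will follow, here and on https://exim.org/security/CVE-2019-10149.txt" reads like the mailing-list post it came from; in a static file under templates/static/doc/security/ "here" is ambiguous, so point only at the canonical URL. The same applies to the mail signature block (phone/fax numbers, key IDs, the revoked-key remark) at the end of the file: it is mail boilerplate and could be dropped from the published document, keeping only the author's name.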