From ba0da048589d0c808f3161ea03de19d3bb2adc17 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 20 Mar 2023 11:14:19 +0100 Subject: [PATCH] chg: add note about CVE-2021-38371 about not being a problem --- templates/static/doc/security/CVE-2021-38371.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/static/doc/security/CVE-2021-38371.txt b/templates/static/doc/security/CVE-2021-38371.txt index dfb748b..f24609a 100644 --- a/templates/static/doc/security/CVE-2021-38371.txt +++ b/templates/static/doc/security/CVE-2021-38371.txt @@ -5,6 +5,9 @@ Reporter: Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel Reference: https://nostarttls.secvuln.info/ Issue: Possible MitM attack on STARTTLS when Exim is *sending* email. +** The Exim developers do not consider this issue as a security problem. +** Additionally, we do not have any feedback about a successful attack +** using the scenario described below. Conditions to be vulnerable =========================== -- 2.30.2