From bf3d7c753aae8288792a8b817669fab2bccacd46 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Wed, 7 Feb 2018 11:20:15 +0100 Subject: [PATCH] Add CVE-2018-6789 to security/ --- .../static/doc/security/CVE-2018-6789.txt | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 templates/static/doc/security/CVE-2018-6789.txt diff --git a/templates/static/doc/security/CVE-2018-6789.txt b/templates/static/doc/security/CVE-2018-6789.txt new file mode 100644 index 0000000..d883939 --- /dev/null +++ b/templates/static/doc/security/CVE-2018-6789.txt @@ -0,0 +1,28 @@ +CVE-2018-6789 +============= + +There is a buffer overflow in an utility function, if some pre-conditions +are met. Using a handcrafted message, remote code execution seems to be +possible. + +A patch exists already and is being tested. + +Currently we're unsure about the severity, we *believe*, an exploit +is difficult. A mitigation isn't known. + +Next steps: + +* t0: Distros will get access to our "security" non-public git repo + (based on the SSH keys known to us) +* t0 +7d: Patch will be published on the official public git repo + +t0 will be around 2018-02-08. + +Timeline +-------- + +* 2018-02-05 Report from Meh Chang via exim-security mailing list +* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) + CVE-2018-6789 +* 2018-02-07 Announcement to the public via exim-users, exim-maintainers + mailing lists and on oss-security mailing list -- 2.30.2
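Review bot: The description at the top of the new CVE-2018-6789.txt ("There is a buffer overflow in an utility function, if some pre-conditions are met") gives an operator no way to tell whether their installation is exposed: there is no affected version range, and nothing says that those details are being withheld on purpose until the patch is public. Suggest adding one line that either names the affected releases or states explicitly that details follow at "t0 +7d". In "Next steps", "t0 will be around 2018-02-08" leaves the public patch date open as well; once t0 is fixed, write the concrete dates for both t0 and t0 +7d, and add a Timeline entry when each happens. Wording: "an utility function" should be "a utility function", and "Currently we're unsure about the severity, we *believe*, an exploit is difficult." reads better as two sentences.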