1 To: distros@vs.openwall.org, exim-maintainers@exim.org
2 From: [ do not use a dmarc protected sender ]
4 ** EMBARGO *** This information is not public yet.
7 OVE ID: OVE-20190718-0006
10 Version(s): 4.85 up to and including 4.92
11 Issue: A local or remote attacker can execute programs with root
12 privileges - if you've an unusual configuration. For details
15 Contact: exim-security@exim.org
21 - this notice to distros@vs.openwall.org and exim-maintainers@exim.org
22 - open limited access to our security Git repo. See below.
24 t0+~4d: Mon Jul 22 10:00:00 UTC 2019
25 - head-up notice to oss-security@lists.openwall.com,
26 exim-users@exim.org, and exim-announce@exim.org
28 t0+~7d: Thu Jul 25 10:00:00 UTC 2019
29 - Coordinated relase date
30 - publish the patches in our official and public Git repositories
31 and the packages on our FTP server.
36 For release tarballs (exim-4.92.1):
38 git clone --depth 1 ssh://git@exim.org/exim-packages
40 The package files are signed with my GPG key.
42 For the full Git repo:
44 git clone ssh://git@exim.org/exim
46 - branch exim-4.92+fixes
48 The tagged commit is the officially released version. The tag is signed
49 with my GPG key. The +fixes branch isn't officially maintained, but
50 contains useful patches *and* the security fix. The relevant commit
51 is signed with my GPG key.
53 If you need help backporting the patch, please contact us directly.
55 Conditions to be vulnerable
56 ===========================
58 If your configuration uses the ${sort } expansion for items that can be
59 controlled by an attacker (e.g. $local_part, $domain). The default
60 config, as shipped by the Exim developers, does not contain ${sort }.
65 The vulnerability is exploitable either remotely or locally and could
66 be used to execute other programs with root privilege. The ${sort }
67 expansion re-evaluates its items.
72 Do not use ${sort } in your configuration.
git://git.exim.org / exim.git / blob