+CVE-2019-10149 Exim 4.87 to 4.91
+================================
+
+We received a report of a possible remote exploit. Currently there is no
+evidence of an active use of this exploit.
+
+A patch exists already, is being tested, and backported to all
+versions we released since (and including) 4.87.
+
+The severity depends on your configuration. It depends on how close to
+the standard configuration your Exim runtime configuration is. The
+closer the better.
+
+Exim 4.92 is not vulnerable.
+
+Next steps:
+
+* t0: Distros will get access to our non-public security Git repo
+ (access is granted based on the SSH keys that are known to us)
+
+* t0+7d: Coordinated Release Date: Distros should push the patched
+ version to their repos. The Exim maintainers will publish
+ the fixed source to the official and public Git repo.
+
+t0 is expected to be 2019-06-04, 10:00 UTC
+t0+7d is expected to be 2019-06-11, 10:00 UTC
+
+
+Timeline
+--------
+
+* 2019-05-27 Report from Qualys to exim-security list
+* 2019-05-27 Patch provided by Jeremy Harris
+* 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat
+* 2019-06-03 This announcement
+* 2019-06-04 10:00 UTC Grant access to the non-public security Git repo