On 2023-12-24 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: exim4
> Version: 4.97-2
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.exim.org/show_bug.cgi?id=3063
[...]
> The following vulnerability was published for exim4.
>
> CVE-2023-51766[0]:
> | Exim through 4.97 allows SMTP smuggling in certain configurations.
> | Remote attackers can use a published exploitation technique to
> | inject e-mail messages that appear to originate from the Exim
> | server, allowing bypass of an SPF protection mechanism. This occurs
> | because Exim supports <LF>.<CR><LF> but some other popular e-mail
> | servers do not.

Hello Salvatore,

are you going to release a DSA (I can start preparing one) or should I
aim for another stable update?

TIA, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
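The parsing disagreement described in the quoted CVE text, as an added example that is not part of the original message and is not Exim's code: a check that flags a DATA stream in which a parser accepting <LF>.<CR><LF> would end the message earlier than one honouring only <CR><LF>.<CR><LF>. The function names and the sample bytes are constructed for illustration.

```python
import re

# <CR><LF>.<CR><LF> is the end-of-data marker defined by RFC 5321.
STRICT_EOD = b"\r\n.\r\n"
# The variant named in the CVE text: <LF>.<CR><LF> with no <CR> before the <LF>.
BARE_LF_EOD = re.compile(rb"(?<!\r)\n\.\r\n")

# Constructed sample: a body containing a bare-LF dot line before the real terminator.
SAMPLE = b"Subject: test\r\n\r\nfirst part\n.\r\nsecond part\r\n.\r\n"
CLEAN = b"Subject: test\r\n\r\nfirst part\r\nsecond part\r\n.\r\n"


def end_of_data(stream, accept_bare_lf):
    """Offset just past the first end-of-data marker this parser honours, or -1."""
    ends = []
    strict = stream.find(STRICT_EOD)
    if strict != -1:
        ends.append(strict + len(STRICT_EOD))
    if accept_bare_lf:
        match = BARE_LF_EOD.search(stream)
        if match:
            ends.append(match.end())
    return min(ends) if ends else -1


def bare_lf_eod_offsets(stream):
    """Offsets of every <LF>.<CR><LF> sequence, for logging or rejection."""
    return [m.start() for m in BARE_LF_EOD.finditer(stream)]


def parsers_disagree(stream):
    """True when a strict and a lenient parser see different message boundaries."""
    return end_of_data(stream, False) != end_of_data(stream, True)


if __name__ == "__main__":
    for name, data in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        print(name,
              "strict end:", end_of_data(data, False),
              "lenient end:", end_of_data(data, True),
              "bare-LF markers at:", bare_lf_eod_offsets(data),
              "disagree:", parsers_disagree(data))
```

A relay or filter that sees `parsers_disagree` return true can reject the message or log it, since anything after the lenient boundary would be interpreted differently by the two kinds of server.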