Your message dated Wed, 14 Feb 2018 21:17:09 +0000
with message-id <e1em4qp-000e8h...@fasolo.debian.org>
and subject line Bug#890000: fixed in exim4 4.89-2+deb9u3
has caused the Debian Bug report #890000,
regarding exim4: CVE-2018-6789: Buffer overflow in an utility function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exim4
Version: 4.90-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for exim4 (actually not
really the details, filing the bug for having a tracking bug in the
BTS).

CVE-2018-6789[0]:
| An issue was discovered in the SMTP listener in Exim 4.90 and earlier.
| By sending a handcrafted message, a buffer overflow may happen in a
| specific function. This can be used to execute code remotely.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
[1] https://exim.org/static/doc/security/CVE-2018-6789.txt

Please adjust the affected versions in the BTS as needed, when the issue
goes public with details, and possibly adjust severity.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: exim4
Source-Version: 4.89-2+deb9u3

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Feb 2018 09:26:05 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source
Version: 4.89-2+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 890000
Description: 
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
 exim4-dbg  - debugging symbols for the Exim MTA (utilities)
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.89-2+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
Checksums-Sha1: 
 dbad576884736adda0d719408224b29b0ebe1264 2973 exim4_4.89-2+deb9u3.dsc
 6c7133297ea15795a2377d30de6bd52a600df553 449860 exim4_4.89-2+deb9u3.debian.tar.xz
Checksums-Sha256: 
 3f289571d21fe4c8febd17e1c6e2e886f089e842ee2dfb090752ce4ba405b495 2973 exim4_4.89-2+deb9u3.dsc
 18be4af54197b369c5c1ce19a3c0a1ad7699252d90f837e620a7c592c6842a66 449860 exim4_4.89-2+deb9u3.debian.tar.xz
Files: 
 36cfb76d9cae7b72a6053bd1af1cf1d6 2973 mail standard exim4_4.89-2+deb9u3.dsc
 a077b49a39af9dbf31d9e6ea70eaa493 449860 mail standard exim4_4.89-2+deb9u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
