Bug#992172: exim4: CVE-2021-38371

2023-03-16 Thread Andreas Metzler
On 2023-03-15 Moritz Mühlenhoff wrote: > Am Sun, Aug 15, 2021 at 07:21:40AM +0200 schrieb Andreas Metzler: > > On 2021-08-14 Salvatore Bonaccorso wrote: [...] > > > CVE-2021-38371[0]: > > > | The STARTTLS feature in Exim through 4.94.2 allows response injection > > > | (buffering) during MTA SMTP

Bug#992172: exim4: CVE-2021-38371

2023-03-15 Thread Heiko Schlittermann
[not encrypted, I'm not able to find the key of Moritz] Hi, Salvatore Bonaccorso (Mi 15 Mär 2023 20:49:01 CET): > Looks the planned advisory at > https://www.exim.org/static/doc/security/CVE-2021-38371.txt is not > online. I found the message from last year on the list, and the today's messages

Bug#992172: exim4: CVE-2021-38371

2023-03-15 Thread Salvatore Bonaccorso
Hello Andreas and Moritz, On Wed, Mar 15, 2023 at 05:18:15PM +0100, Moritz Mühlenhoff wrote: > Am Sun, Aug 15, 2021 at 07:21:40AM +0200 schrieb Andreas Metzler: > > On 2021-08-14 Salvatore Bonaccorso wrote: > > > Source: exim4 > > > Version: 4.94.2-7 > > > Severity: important > > > Tags: security

Bug#992172: exim4: CVE-2021-38371

2023-03-15 Thread Moritz Mühlenhoff
Am Sun, Aug 15, 2021 at 07:21:40AM +0200 schrieb Andreas Metzler: > On 2021-08-14 Salvatore Bonaccorso wrote: > > Source: exim4 > > Version: 4.94.2-7 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > > Hi, > > > The following

Bug#992172: exim4: CVE-2021-38371

2021-08-15 Thread Salvatore Bonaccorso
HI Andreas, On Sun, Aug 15, 2021 at 07:21:40AM +0200, Andreas Metzler wrote: > On 2021-08-14 Salvatore Bonaccorso wrote: > > Source: exim4 > > Version: 4.94.2-7 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > > Hi, > > > Th

Bug#992172: exim4: CVE-2021-38371

2021-08-14 Thread Andreas Metzler
On 2021-08-14 Salvatore Bonaccorso wrote: > Source: exim4 > Version: 4.94.2-7 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > Hi, > The following vulnerability was published for exim4, this is to start > tracking the issue downstream

Bug#992172: exim4: CVE-2021-38371

2021-08-14 Thread Salvatore Bonaccorso
Source: exim4 Version: 4.94.2-7 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for exim4, this is to start tracking the issue downstream for us. Note that at time of writing [2] gives still a 404. C