oss-sec mailing list archives
Re: CVE Request - Exim 4.69-4.87 - disclosure of private information
From: <cve-assign () mitre org>
Date: Fri, 16 Dec 2016 00:33:41 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Heiko Schlittermann - Exim developer https://bugs.exim.org/show_bug.cgi?id=1996 Versions: 4.69 -> 4.87 If several conditions are met, Exim leaks private information to a remote attacker.
Our guess is that a vendor's disclosure of an impact, product name, and affected versions means that this can be interpreted as a public security issue. Use CVE-2016-9963. http://oss-security.openwall.org/wiki/mailing-lists/oss-security says "List Content Guidelines ... Any security issues that you post to oss-security should be either already public or to be made public by your posting." It is uncommon to use oss-security as a CVE request channel when the amount of public information is minimal. (For other options, see the https://cveform.mitre.org and https://cve.mitre.org/cve/data_sources_product_coverage.html pages.) - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYU3xCAAoJEHb/MwWLVhi2qBcP/jPSJbi/fUupYnmT0UOE6bCl dcqr+7WdI4cuyBOtZiKtJbB5JsaPhuJlY2j+a1Qj9j/cPr03QjNcFuhX66hLFcvJ I7dJtvvSiLFZ49Ozr5r3HJi6FTmPbOaqRYgAZjcL3sMrn45al0dBY19NWUMZIpym NtSgkMEhnnABzOsyM3yMEircofLnZv9r3KPYkB1bKt4H3Zgo3/6j6dHZRd5ON+iT LN1d0fXLFUZABeanmWi1ccFlm83J0oaTFnU1U7MLuJtDaYxTSN8vYUpiPSVkctDL EFdNJokCOfQcn67wtgjW3871EuRqWanYptBgQuQmq4j51i0MKktxQnRzom8qNnKz 6faWLL6xIxgRsIBM0hVJBjWYyg6SAGb/V5i3b+tAJhyCxse+PHfXg4WHofQip9BN ZoM8UcQDhDn01TLHaTvsd5H3pucxlk0jdDoum9CWcZBOfcc5NUnKkYuYntJDQ/rR Us+5Aaw8X+B8ZPE47NEwX7hAXHU5PzHU48fg+j6x3yYl3N9nwyhVsSbSxIQjjRd6 iqAIMXGQGJ2KMZluEBjkhNNGAYSfXrLxi8rx6x0qj4y7RLBIp9B9M4eH5f3H/to4 4BtIzUA5ZYdP20YE8VtGyRFd2aOGUMFf7BuoPgXgDXzflxGLMs4tmLNeTxxpyhMB ooGshm7DABkZ59MHc1ww =Q/MO -----END PGP SIGNATURE-----
Current thread:
- CVE Request - Exim 4.69-4.87 - disclosure of private information Heiko Schlittermann (Dec 15)
- Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 20)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)