oss-sec mailing list archives
CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information)
From: Heiko Schlittermann <hs () schlittermann de>
Date: Fri, 23 Dec 2016 11:59:06 +0100
Hello, Heiko Schlittermann <hs () schlittermann de> (Fr 16 Dez 2016 00:36:45 CET): …
Product: Exim Versions: 4.69 -> 4.87 Impact: Possible leak of private information to a remote attacker Reference: https://bugs.exim.org/show_bug.cgi?id=1996 (placeholder currently) Requester: Heiko Schlittermann <hs () schlittermann de> (Exim Developer) Credits: Bjoern Jacke <bjoern () j3e de> If several conditions are met, Exim leaks private information to a remote attacker.
… As at least one major distro isn't ready yet, we'll keep our initial schedule and release the fixed versions on Dec, 25th, 10:00 UTC. You'll find the versions in the usual places git://git.exim.org/exim.git Tags exim-4_88, exim-4_87_1 ftp://ftp.exim.org/pub/exim/exim4/ 4.88 ftp://ftp.exim.org/pub/exim/exim4/old/ 4.87.1 If you have older versions running, you should to at least 4.87.1. We're sorry for the release date. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: CVE-2016-9963 Exim private information leak, (continued)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Kurt Seifried (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Johannes Segitz (Dec 22)
- CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann (Dec 25)