oss-sec mailing list archives
CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information)
From: Heiko Schlittermann <hs () schlittermann de>
Date: Sun, 25 Dec 2016 11:44:10 +0100
I've uploaded Exim 4.87.1 to: ftp://ftp.exim.org/pub/exim/exim4/old/ git://git.exim.org/exim.git (tag exim-4_87_1) Whilst this release is superseeded by 4.88 already, you're urged to upgrade to 4.87.1, if 4.88 isn't an option for you yet. No features are added or removed. This release contains just a fix for CVE-2016-9963 - Fix CVE-2016-9963 - Info leak from DKIM. When signing DKIM, if either LMTP or PRDR was used for delivery, the key could appear in logs. Additionally, if the experimental feature "DSN_INFO" was used, it could appear in DSN messages (and be sent offsite). For details about the CVE please see https://exim.org/static/doc/CVE-2016-9963.txt The release files for 4.87.1 are signed with the PGP key 0xF69376CE, which has a uid "Heiko Schlittermann (HS12-RIPE) <hs () schlittermann de>". Please use your own discretion in assessing what trust paths you might have to this uid. In case on any problems please contact us on exim-users () exim org or on the IRC channel #exim at freenode. Sorry for the release date. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: CVE-2016-9963 Exim private information leak, (continued)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Kurt Seifried (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Johannes Segitz (Dec 22)
- CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann (Dec 25)