Re: Severe vulnerability in Exim 4.87 through 4.91

To: debian-user@lists.debian.org
Subject: Re: Severe vulnerability in Exim 4.87 through 4.91
From: Curt <curty@free.fr>
Date: Mon, 10 Jun 2019 13:19:54 -0000 (UTC)
Message-id: <[🔎] slrnqfsm7q.254.curty@einstein.electron.org>
References: <[🔎] slrnqfnppu.33b.curty@einstein.electron.org> <[🔎] 20190610125348.GI1434@eeg.ccf.org>

On 2019-06-10, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> On Sat, Jun 08, 2019 at 04:50:06PM -0000, Curt wrote:
>> https://lwn.net/Articles/790553/
>> 
>> I was actually going to point to another article on the subject, but as
>> it revealed the exact modus operandi for the (local) exploit (which is
>> trivial to an extreme) I thought better of it.
>
> https://www.debian.org/security/2019/dsa-4456
>
> https://security-tracker.debian.org/tracker/CVE-2019-10149
>
>

Okay, thank you, so fixed in Stretch with the package update to 4.89-2+deb9u4
a few days ago (other releases not vulnerable).


-- 
“Decisions are never really made – at best they manage to emerge, from a chaos
of peeves, whims, hallucinations and all around assholery.” – Thomas Pynchon

Reply to:

References:
- Severe vulnerability in Exim 4.87 through 4.91
  - From: Curt <curty@free.fr>
- Re: Severe vulnerability in Exim 4.87 through 4.91
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: Re: Severe vulnerability in Exim 4.87 through 4.91
Next by Date: Re: What is agetty, and why can't it be stopped?
Previous by thread: Re: Severe vulnerability in Exim 4.87 through 4.91
Next by thread: Can any setting be changed after an "install Buster from scratch"-procedure?
Index(es):
- Date
- Thread