Mantis - exim
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
5317 | upgrade | major | unable to reproduce | 2018-03-09 16:32 | 2019-07-11 14:51 |
|
|||||
Reporter: | barlavento | Platform: | |||
Assigned To: | OS: | ||||
Priority: | normal | OS Version: | |||
Status: | new | Product Version: | |||
Product Build: | Resolution: | open | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | |||
|
|||||
Summary: | 0005317: EXIM CVE-2018-6789 | ||||
Description: |
CVE-2018-6789 ============= There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. A patch exists already and is being tested. Currently we're unsure about the severity, we *believe*, an exploit is difficult. A mitigation isn't known. Timeline (UTC) -------------- * 2018-02-05 Report from Meh Chang <meh@devco.re> via exim-security mailing list * 2018-02-06 Request CVE on https://cveform.mitre.org/ [^] (heiko) CVE-2018-6789 * 2018-02-07 Announcement to the public via exim-users, exim-maintainers mailing lists and on oss-security mailing list * 2018-02-08 16:50 Grant restricted access to the security repo for distro maintainers * 2018-02-09 One distro breaks the embargo * 2018-02-10 18:00 Grant public access to the our official git repo. |
||||
Steps To Reproduce: | |||||
Additional Information: |
Would it be possible to re-package to the latest new version? Would fix other vulnerabilities and bugs as well :-) |
||||
Relationships | |||||
Attached Files: |
514.gz [^] (10,334 bytes) 2018-12-04 10:32 130.pdf [^] (29,446 bytes) 2019-07-11 14:51 |
||||
|
|||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2018-03-09 16:32 | barlavento | New Issue | |||
2018-03-20 11:04 | dam | Note Added: 0011270 | |||
2018-03-21 08:31 | barlavento | Note Added: 0011271 | |||
2018-03-21 09:28 | dam | Note Added: 0011272 | |||
2018-03-21 16:31 | barlavento | Note Added: 0011273 | |||
2018-12-04 10:32 | Markus34 | File Added: 514.gz | |||
2018-12-17 12:47 | Markus34 | Note Added: 0011287 | |||
2018-12-17 12:50 | dam | Note Deleted: 0011287 | |||
2018-12-17 13:42 | barlavento | Note Added: 0011288 | |||
2019-07-11 14:51 | tomplatz | File Added: 130.pdf |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|