From noreply at opencsw.org Mon Dec 17 12:47:13 2018
From: noreply at opencsw.org (Mantis Bug Tracker)
Date: Mon, 17 Dec 2018 12:47:13 +0100
Subject: [exim 0005317]: EXIM CVE-2018-6789
In-Reply-To: <603921662774d622a4b96622c8eb8d54>
Message-ID: <7a7e1b2c8120857121dd504910969018@www.opencsw.org>

A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5317
======================================================================
Reported By:                barlavento
Assigned To:
======================================================================
Project:                    exim
Issue ID:                   5317
Category:                   upgrade
Reproducibility:            unable to reproduce
Severity:                   major
Priority:                   normal
Status:                     new
======================================================================
Date Submitted:             2018-03-09 16:32 CET
Last Modified:              2018-12-17 12:47 CET
======================================================================
Summary:                    EXIM CVE-2018-6789
Description:
CVE-2018-6789
=============

There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit is
difficult. A mitigation isn't known.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
  mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for distro
  maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.
======================================================================

----------------------------------------------------------------------
 (0011287) Markus34 (reporter) - 2018-12-17 12:47
 https://www.opencsw.org/mantis/view.php?id=5317#c11287
----------------------------------------------------------------------
Hi guys. It is new information for me too, so if you have more, please share
with me.
__________
https://www.opencsw.org/mantis/view.php?id=5317
https://goo.gl/4148dE

From noreply at opencsw.org Mon Dec 17 13:42:43 2018
From: noreply at opencsw.org (Mantis Bug Tracker)
Date: Mon, 17 Dec 2018 13:42:43 +0100
Subject: [exim 0005317]: EXIM CVE-2018-6789
In-Reply-To: <603921662774d622a4b96622c8eb8d54>
Message-ID:

A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5317
======================================================================
Reported By:                barlavento
Assigned To:
======================================================================
Project:                    exim
Issue ID:                   5317
Category:                   upgrade
Reproducibility:            unable to reproduce
Severity:                   major
Priority:                   normal
Status:                     new
======================================================================
Date Submitted:             2018-03-09 16:32 CET
Last Modified:              2018-12-17 13:42 CET
======================================================================
Summary:                    EXIM CVE-2018-6789
Description:
CVE-2018-6789
=============

There is a buffer overflow in base64d(), if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.

A patch exists already and is being tested.

Currently we're unsure about the severity, we *believe*, an exploit is
difficult. A mitigation isn't known.
Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko) CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
  mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for distro
  maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.
======================================================================

----------------------------------------------------------------------
 (0011288) barlavento (reporter) - 2018-12-17 13:42
 https://www.opencsw.org/mantis/view.php?id=5317#c11288
----------------------------------------------------------------------
It is unfortunate I cannot create a new (Solaris 10 or newer) package. I do
not have any experience with the build environment.