Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52221 - [exim] 4.87 has a security issue (CVE-2016-9963 Exim private information leak)
Attached to Project:
Community Packages
Opened by Filip Frackiewicz (notreallyhere) - Wednesday, 21 December 2016, 02:44 GMT
Last edited by Levente Polyak (anthraxx) - Friday, 20 January 2017, 17:42 GMT
Opened by Filip Frackiewicz (notreallyhere) - Wednesday, 21 December 2016, 02:44 GMT
Last edited by Levente Polyak (anthraxx) - Friday, 20 January 2017, 17:42 GMT
|
DetailsOne of the developers of Exim has reported that Exim, under the right conditions, will leak private information:
http://seclists.org/oss-sec/2016/q4/693 Actual CVE: http://seclists.org/oss-sec/2016/q4/703 As of right now, the only patch that may mitigate the problem would be the latest 4.88 release candidate: https://github.com/Exim/exim/releases/tag/exim-4_88_RC6 |
This task depends upon
Closed by Levente Polyak (anthraxx)
Friday, 20 January 2017, 17:42 GMT
Reason for closing: Fixed
Additional comments about closing: 4.88-1
Friday, 20 January 2017, 17:42 GMT
Reason for closing: Fixed
Additional comments about closing: 4.88-1