This is about a Perl security issue that was not accepted directly into
exim in July/August 2016.
Patch 915 does not apply cleanly to exim 4.89_RC3
(which adds "use warnings;" in the same place as the change made by 915).
A suitable alternative is:
--- src/eximstats.src.CVE-2016-1238 2017-02-10 02:50:40.000000000 +0000
+++ src/eximstats.src 2017-02-10 12:54:28.235197704 +0000
@@ -547,6 +547,8 @@
=cut
+BEGIN { pop @INC if $INC[-1] eq '.' }
+
use warnings;
use integer;
use strict;
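Review bot: The added `BEGIN { pop @INC if $INC[-1] eq '.' }` line has no comment, so a later reader of src/eximstats.src cannot tell why it must stay ahead of `use warnings;` and the other `use` lines. Add a one-line comment above it that names CVE-2016-1238 and says the block has to run before any module is loaded. The same comment should mention that the test only drops '.' when it is the last entry of @INC, so a '.' that appears elsewhere in the search path is left in place.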
On Mon, 25 Jul 2016, admin@??? wrote:
> https://bugs.exim.org/show_bug.cgi?id=1864
>
> Bug ID: 1864
> Summary: CVE-2016-1238: Important unsafe module load path flaw
> Product: Exim
> Version: 4.87
> Hardware: x86
> OS: Linux
> Status: NEW
> Severity: bug
> Priority: medium
> Component: Eximstats
> Assignee: nigel@???
> Reporter: eximusers@???
> CC: exim-dev@???
>
> Created attachment 915
> --> https://bugs.exim.org/attachment.cgi?id=915&action=edit
> patch used by Debian 4.84.2-1+deb8u1
>
> Hello,
>
> as part of fixing CVE-2016-1238 in DSA 3628-1 Debian has applied the attached
> patch to eximstats.
>
> Please review and apply. TIA