Both issues are fixed now.
CVE-2017-16943 (RCE) Exim Bug 2199
master: 4e6ae6235c68de243b1c2419027472d7659aa2b4
exim-4_89+fixes: 4090d62a4b25782129cc1643596dc2f6e8f63bde
Fix done by Jeremy Harris
CVE-2017-16944 (DoS) Exim Bug 2201
master: 178ecb70987f024f0e775d87c2f8b2cf587dd542
exim-4_89+fixes: 4804c62909a62a3ac12ec4777ebd48c541028965
Fix done by me.
We'll prepare a 4.89.1 release including these two fixes,
even though 4.90 is quite close.
If you can't update now, you should disable the chunking extension.
chunking_advertise_hosts =
Distros are advised to include these commits.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -