Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
Russell King via Exim-users <exim-users@???> (Di 11 Jun 2019 16:08:28 CEST):
>
> As I stated in my original post, I've tried subsituting the " " with
> both + and %2b. I was using Firefox, I've also used elinks as well.
> Nothing works to get a commitdiff.
>
> >    https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_91%2Bfixes

>
> That URL is not a problem - getting the shortlog is not a problem.
> Following any of the links from the shortlog _is_ a problem as my
> original post stated.


Hm. Starting with the link you describe here (using %2B) an can follow
many, if not all (didn't test *all*) links, shortlog -> commitdiff
works.

Using Chromium.
--
Heiko