Author: Thomas Hager
Date:
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?

On June 22, 2019 10:44:43 AM GMT+02:00, Andreas Metzler via Exim-users <exim-users@???> wrote:
>Hello

Hi Andreas,

>the log-files on a try to exploit CVE-2019-10149 will look exactly the
>same for a vulnerable and for a fixed exim.
>
>CVE-2019-10149 is not that it is possible to submit a mail that ends
>up frozen in the queue. CVE is a remote command execution
>vulnerability. The fix for CVE-2019-10149 does not remove the
>possibility to generate frozen mails in the queue, it stops the remote
>command execution.

Thanks for the clarification. I thought so, but it's way better to know ;-)

Cheers,
Tom.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.