[exim-cvs] Add more detail to the mitigation

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Add more detail to the mitigation
Gitweb: https://git.exim.org/exim-website.git/commitdiff/b8fa12c85d8d08b7702a9b55fd73d2987720bd66
Commit:     b8fa12c85d8d08b7702a9b55fd73d2987720bd66
Parent:     8985012787adcd5c6c57f2cc19bc66da78ed8610
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Fri Sep 6 13:18:14 2019 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri Sep 6 13:18:14 2019 +0200


    Add more detail to the mitigation
---
 templates/static/doc/security/CVE-2019-15846.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt
index aabdf1d..386a1fa 100644
--- a/templates/static/doc/security/CVE-2019-15846.txt
+++ b/templates/static/doc/security/CVE-2019-15846.txt
@@ -29,8 +29,10 @@ Do not offer TLS. (This mitigation is not recommended.)

For a attacking SNI the following ACL snippet should work: 

-    # to be prepended to your mail acl (acl_smtp_mail)
+    # to be prepended to your mail acl (the ACL referenced
+    # by the acl_smtp_mail main config option)
     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}


Fix
===

This message was posted to the following mailing lists:
exim-cvs
Mailing List Info | Nearby Messages		<-[exim-cvs] Add acl snippet as a mitigation method[exim-cvs] Better wording in CVE txt->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)