Gitweb:
https://git.exim.org/exim-website.git/commitdiff/b8fa12c85d8d08b7702a9b55fd73d2987720bd66
Commit: b8fa12c85d8d08b7702a9b55fd73d2987720bd66
Parent: 8985012787adcd5c6c57f2cc19bc66da78ed8610
Author: Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Fri Sep 6 13:18:14 2019 +0200
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri Sep 6 13:18:14 2019 +0200
Add more detail to the mitigation
---
templates/static/doc/security/CVE-2019-15846.txt | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt
index aabdf1d..386a1fa 100644
--- a/templates/static/doc/security/CVE-2019-15846.txt
+++ b/templates/static/doc/security/CVE-2019-15846.txt
@@ -29,8 +29,10 @@ Do not offer TLS. (This mitigation is not recommended.)
For a attacking SNI the following ACL snippet should work:
- # to be prepended to your mail acl (acl_smtp_mail)
+ # to be prepended to your mail acl (the ACL referenced
+ # by the acl_smtp_mail main config option)
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+ deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Fix
===