Re: [exim] CVE-2019-15846 ..Exim Vulnerability

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] CVE-2019-15846 ..Exim Vulnerability
Richard Jones via Exim-users <exim-users@???> (Do 12 Sep 2019 14:36:41 CEST):
> On Sep 12, Heiko Schlittermann via Exim-users wrote
> > If you're out of luck, either upgrade your Debian system to a recent
> > one, or prepare to compile Exim on your own. (This is not as hard as it
> > seems, but you have to care about further updates manually).
>
> I don't suppose anyone has magical instructions on how to do this for
> exim4-daemon-heavy?


If you only want to backport the CVE patch, this should be simple, if
you're experience somewhat in re-building Debian packages.

From my mind:

    # cd $WORKSPACE
    apt source exim4-daemon-heavy
    apt install build-depends exim4-daemon-heavy


    # chdir into to the new created exim-<version> directory
    # apply the patch (it is a one liner in src/string.c)


    # edit debian/changelog     # there exist tools for doing it, like dch
                                # take care to create a new incremented
                                # version not conflicting with further
                                # versions from Upstream


    dpkg-buildpackage -uc -us   # rebuild, do not sign anything


    cd ..


Be happy with your fresh created *deb files

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -