https://bugs.exim.org/show_bug.cgi?id=2835
Lexen <lexenluis@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|SPAM |---
--- Comment #1 from Lexen <lexenluis@???> ---
here is a buffer overflow in an utility function, if some pre-conditions
are met. Using a handcrafted message, remote code execution seems to be
possible.
A patch exists already and is being tested.
Currently we're unsure about the severity, we *believe*, an exploit
is difficult. A mitigation isn't known.
https://emospace.net
Next steps:
* t0: Distros will get access to our "security" non-public git repo
(based on the SSH keys known to us)
* t0 +7d: Patch will be published on the official public git repo
--
You are receiving this mail because:
You are on the CC list for the bug.
