Re: [exim] CVE-2022-37452

Top Page
Delete this message
Reply to this message
Author: Ken Olum
Date:  
To: exim-users
CC: kdo
Subject: Re: [exim] CVE-2022-37452
I found out about CVE-2022-37452 when I got this notice from Ubuntu
security: https://ubuntu.com/security/notices/USN-5574-1 . It says
"Exim could be made to execute arbitrary code", though in the details it
says "possibly". Naturally this worried me, and I was alarmed that I
hadn't heard of it before through exim channels. If there is really a
remote code execution flaw, it would be vital to warn people. If there
really is no such flaw, it would be nice to reassure people that it is
not an emergency. In any case, given the above announcement it seems
that this is prominent enough that it would be good to make it easy for
people to get accurate information.

Thanks.

                                        Ken