[exim-cvs] chg: add note about CVE-2021-38371 about not bein…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] chg: add note about CVE-2021-38371 about not being a problem
Gitweb: https://git.exim.org/exim-website.git/commitdiff/ba0da048589d0c808f3161ea03de19d3bb2adc17
Commit:     ba0da048589d0c808f3161ea03de19d3bb2adc17
Parent:     2fae8e2e6a9d5606ac7eb7c94003d59756a1281a
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Mon Mar 20 11:14:19 2023 +0100
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Mon Mar 20 11:14:30 2023 +0100


    chg: add note about CVE-2021-38371 about not being a problem
---
 templates/static/doc/security/CVE-2021-38371.txt | 3 +++
 1 file changed, 3 insertions(+)


diff --git a/templates/static/doc/security/CVE-2021-38371.txt b/templates/static/doc/security/CVE-2021-38371.txt
index dfb748b..f24609a 100644
--- a/templates/static/doc/security/CVE-2021-38371.txt
+++ b/templates/static/doc/security/CVE-2021-38371.txt
@@ -5,6 +5,9 @@ Reporter:   Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel
 Reference:  https://nostarttls.secvuln.info/
 Issue:      Possible MitM attack on STARTTLS when Exim is *sending* email.


+** The Exim developers do not consider this issue as a security problem.
+** Additionally, we do not have any feedback about a successful attack
+** using the scenario described below.

Conditions to be vulnerable
===========================

This message was posted to the following mailing lists:
exim-cvs
Mailing List Info | Nearby Messages		<-[exim-cvs] ACL: patterns for remove_headers. Bug 2985[exim-cvs] add: CVE-2021-38371->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)