[exim-cvs] remove spurious file

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
To: exim-cvs
Subject: [exim-cvs] remove spurious file
Gitweb: https://git.exim.org/exim-website.git/commitdiff/c86f98b0dcba3d26f2c1474db3a33e13a95e136e
Commit:     c86f98b0dcba3d26f2c1474db3a33e13a95e136e
Parent:     79e44f3d2205c0e9e2b52fb9a2bfc9853e2f2e33
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Tue Mar 21 19:35:47 2023 +0100
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Tue Mar 21 19:35:47 2023 +0100

    remove spurious file
 templates/static/doc/security/xx | 43 ----------------------------------------
 1 file changed, 43 deletions(-)

diff --git a/templates/static/doc/security/xx b/templates/static/doc/security/xx
deleted file mode 100644
index 2322c43..0000000
--- a/templates/static/doc/security/xx
+++ /dev/null
@@ -1,43 +0,0 @@
-CVE ID:     CVE-2021-38371
-Date:       2021-08-10
-Version(s): up to and including 4.94.2
-Reporter:   Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel
-Reference:  https://nostarttls.secvuln.info/
-Issue:      Possible MitM attack on STARTTLS when Exim is *sending* email.
-** The Exim developers do not consider this issue as a security problem.
-** Additionally, we do not have any feedback about a successful attack
-** using the scenario described below.
-Conditions to be vulnerable
-Versions up to (and including) 4.94.2 are vulnerable when
-*sending* emails via a connection encrypted via STARTTLS.
-When Exim acting as a mail client wishes to send a message,
-a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
-by also sending a response to the *next* command, which Exim will
-erroneously treat as a trusted response.
-Source fixed by
-commit 1b9ab35f323121aabf029f0496c7227818efad14
-Author: Jeremy Harris
-Date:   Thu Jul 30 20:16:01 2020 +0100
-There is - beside updating the server - no known mitigation.
-Download and build the fixed version 4.95 or a later version
-(4.96 was released in June 2022).