[exim-cvs] place a hint on the libspf2 issue

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
A: exim-cvs
Assumpte: [exim-cvs] place a hint on the libspf2 issue
Gitweb: https://git.exim.org/exim-website.git/commitdiff/1971afc2ca8c0320a24bc2bd1b55b33b40174e5f
Commit:     1971afc2ca8c0320a24bc2bd1b55b33b40174e5f
Parent:     d5266ad069f428eb2bb5e4c6f3d0962e5378510e
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Mon Oct 2 08:44:40 2023 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Mon Oct 2 08:44:40 2023 +0200


    place a hint on the libspf2 issue
---
 templates/static/doc/security/CVE-2023-zdi.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index a9dc538..5edb2ec 100644
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -69,7 +69,9 @@ CVSS Score: 7.5
 Mitigation: Do not use the `spf` condition in your ACL
 Subsystem:  spf
 Remark:     It is debatable if this should be filed against
-            libspf2.
+            libspf2. There are hints (simon, #Exim IRC) that this
+        is related to
+        https://github.com/shevek/libspf2/pull/44


ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42219 | Exim Bug 3033
------------------------------------------------------------

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/