[exim-cvs] clear statement on CVE-2023-42118

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] clear statement on CVE-2023-42118
Gitweb: https://git.exim.org/exim-website.git/commitdiff/29ed6255443ddd8c3248415c80201169e4f2e8a4
Commit:     29ed6255443ddd8c3248415c80201169e4f2e8a4
Parent:     2ccb90ffdf918dbef59a485afc3c98f46ce4360f
Author:     Simon Arlott <simon@???>
AuthorDate: Fri Oct 6 09:08:22 2023 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri Oct 6 09:08:22 2023 +0200


    clear statement on CVE-2023-42118
---
 templates/static/doc/security/CVE-2023-zdi.txt | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)


diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index 7e8b0fc..3b45efd 100644
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -87,10 +87,8 @@ Subject:    libspf2 Integer Underflow
 CVSS Score: 7.5
 Mitigation: Do not use the `spf` condition in your ACL
 Subsystem:  spf
-Remark:     It is debatable if this should be filed against
-            libspf2. There are hints (simon, #Exim IRC) that this
-        is related to
-        https://github.com/shevek/libspf2/pull/44
+Remark:     This CVE should be filed against libspf2.
+            See: https://github.com/shevek/libspf2/issues/45


ZDI-23-1473 | ZDI-CAN-17643 | CVE-2023-42119 | Exim Bug 3033
------------------------------------------------------------
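Review bot: The new Remark line says where the CVE "should be filed" but not what an Exim operator should do about it, and the unchanged Mitigation line above it still only says to avoid the `spf` condition. Consider adding one sentence stating whether any change on the Exim side is planned or needed, and whether the mitigation stays in force until a corrected libspf2 is installed. The rewrite also drops the earlier pointer to https://github.com/shevek/libspf2/pull/44 in favour of issues/45. If the pull request is still relevant to the underflow, keep both links so readers can get from the advisory to the proposed change as well as to the issue discussion.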

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/