CVE ID: CVE-2019-15846
Version(s): up to and including 4.92.1
Issue: A local or remote attacker can execute programs with root
Details: Will be made public at CRD. Currently there is no known
exploit, but a rudimentary POC exists.
Coordinated Release Date (CRD) for Exim 4.92.2:
2019-09-06 10:00 UTC
- initial notification to distros@...nwall.org and
2019-09-04: <-- NOW
- This Heads-up notice to oss-security@...ts.openwall.com,
exim-users@...m.org, and exim-announce@...m.org
2019-09-06 10:00 UTC:
- Coordinated release date
- Notice to oss-security, exim-users, and exim-announce
- Publish the patches in our official and public Git repositories
and the packages on our FTP server.
Downloads available starting at CRD (not yet)
The downloads are not yet available. They will be made available
at the above-mentioned CRD.
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <email@example.com>
AuthorDate: 2019-09-06 13:16:23 +0000
Commit: Thomas Deutschmann <firstname.lastname@example.org>
CommitDate: 2019-09-06 13:17:49 +0000
mail-mta/exim: bump to v4.92.2 (CVE-2019-15846)
- EAPI bumped to EAPI=7
Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <email@example.com>
mail-mta/exim/Manifest | 2 +
mail-mta/exim/exim-4.92.2.ebuild | 582 +++++++++++++++++++++++++++++++++++++++
2 files changed, 584 insertions(+)
Added to an existing GLSA.
This issue was resolved and addressed in
GLSA 201909-06 at https://security.gentoo.org/glsa/201909-06
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.