Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 511686 (CVE-2014-2957) - <mail-mta/exim-4.82.1: remote code execution flaw (CVE-2014-2957)
Summary: <mail-mta/exim-4.82.1: remote code execution flaw (CVE-2014-2957)
Alias: CVE-2014-2957
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa]
Depends on:
Reported: 2014-05-28 12:44 UTC by Vladimir Varlamov
Modified: 2014-05-29 16:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Varlamov 2014-05-28 12:44:53 UTC
CVE-2014-2957 fixed in 4.82.1, introduced in 4.82: used untrusted 
ata when parsing the From header in Experimental DMARC code and 
allowed macro expansion.

only for mail-mta/exim[dmarc]
4.82.1 released

Reproducible: Always
Comment 1 Agostino Sarubbo gentoo-dev 2014-05-28 13:13:15 UTC
Thanks for the report.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2014-05-29 14:28:08 UTC
Since DMARC was only introduced in 4.82, and 4.82 is not stable. If we remove the vulnerable versions we should be good:

Please cleanup:

4.82 & 4.82-r1

Thank you
Comment 3 Fabian Groffen gentoo-dev 2014-05-29 16:47:25 UTC
4.82 and 4.82-r1 removed