Versions: 4.69 -> 4.87
Impact: Possible leak of private information to a remote attacker
Reference: https://bugs.exim.org/show_bug.cgi?id=1996 (placeholder currently)
Requester: Heiko Schlittermann <email@example.com> (Exim Developer)
Credits: Bjoern Jacke <firstname.lastname@example.org>
If several conditions are met, Exim leaks private information to
a remote attacker.
A patch exists and is under testing already.
Backports to older versions are under development.
As soon as the tests are passed we'll send an announcement
to the "Operating system distribution security contacts list" and
ask for packaging fixed versions.
Upstream announced they released 4.88, but will make it public on the 25th, so no way for us to test/prepare. I hope we can bump ASAP given this inconvenient time planning.
exim-4.88 is now in the tree.
Please test and mark stable: =mail-mta/exim-4.88
There's also exim-4.87.1 which has no feature changes but only the CVE patched.
Stable on alpha.
Stable for HPPA.
GLSA Vote: No
@ Maintainer(s): Please cleanup and drop <mail-mta/exim-4.88!