CVE-2017-1000369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000369): Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89. Please note that at this time upstream has released a patch but does not plan a new release to address this issue.
Upstream patch: https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852a1f9d12b4aeea8a85b9d0f37f81f05b9
@ Arches, please test and mark stable: =mail-mta/exim-4.89-r1
FWIW, as maintainer, ok, 4.89 is good to go stable; it has run for a while without issues on my systems.
amd64 stable
x86 stable
ppc stable
ppc64 stable
ia64 stable
Stable on alpha.
sparc stable
Arches, please finish stabilizing hppa.
Gentoo Security Padawan ChrisADR
New GLSA Request filed. @hppa please finish stabilization; this stabilization request has been open for two months. Thank you,
Gentoo Security Padawan ChrisADR
This issue was resolved and addressed in GLSA 201709-19 at https://security.gentoo.org/glsa/201709-19 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
Cleaned up as much as possible, left exim-4.88 in the key with only hppa's stable keyword.
Slyfox: Can you please stabilize or drop keywords for hppa for this, as it is preventing cleanup.
hppa stable
cleaned up 4.88
Thank you all.
Gentoo Security Padawan ChrisADR