Patch to source: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
Bug: https://bugs.exim.org/show_bug.cgi?id=2199

A commit references this bug:

Author: vsevolod
Date: Mon Nov 27 07:55:18 UTC 2017
New revision: 454936
URL: https://svnweb.freebsd.org/changeset/ports/454936

Log:
  - Fix RCE vulnerability: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  PR: 223870
  Submitted by: Gary
  MFH: 2017Q4
  Security: CVE-2017-16943

Changes:
  head/mail/exim/Makefile
  head/mail/exim/files/patch-CVE-2017-16943

A commit references this bug:

Author: vsevolod
Date: Tue Nov 28 08:54:00 UTC 2017
New revision: 455024
URL: https://svnweb.freebsd.org/changeset/ports/455024

Log:
  MFH: r454936

  - Fix RCE vulnerability: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  PR: 223870
  Submitted by: Gary
  Security: 68b29058-d348-11e7-b9fe-c13eb7bcbf4f
  Approved by: ports-secteam (swills)

Changes:
  _U branches/2017Q4/
  branches/2017Q4/mail/exim/Makefile
  branches/2017Q4/mail/exim/files/patch-CVE-2017-16943