| Summary: | mail/exim: remote code execution (CVE-2017-16943) | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Gary <freebsd-bugzilla> |
| Component: | Individual Port(s) | Assignee: | Vsevolod Stakhov <vsevolod> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | freebsd-bugzilla, pi |
| Priority: | --- | Flags: | pi: maintainer-feedback+ |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Gary
2017-11-25 18:51:07 UTC
A commit references this bug:

Author: vsevolod
Date: Mon Nov 27 07:55:18 UTC 2017
New revision: 454936
URL: https://svnweb.freebsd.org/changeset/ports/454936

Log:
  - Fix RCE vulnerability: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  PR: 223870
  Submitted by: Gary
  MFH: 2017Q4
  Security: CVE-2017-16943

Changes:
  head/mail/exim/Makefile
  head/mail/exim/files/patch-CVE-2017-16943

A commit references this bug:

Author: vsevolod
Date: Tue Nov 28 08:54:00 UTC 2017
New revision: 455024
URL: https://svnweb.freebsd.org/changeset/ports/455024

Log:
  MFH: r454936

  - Fix RCE vulnerability: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  PR: 223870
  Submitted by: Gary
  Security: 68b29058-d348-11e7-b9fe-c13eb7bcbf4f

  Approved by: ports-secteam (swills)

Changes:
  _U branches/2017Q4/
  branches/2017Q4/mail/exim/Makefile
  branches/2017Q4/mail/exim/files/patch-CVE-2017-16943