Bug 240912
| Summary: | mail/exim: upgrade 4.92.2 -> 4.92.3 to fix CVE-2019-16928 RCE | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kurt Jaeger <pi> | ||||
| Component: | Individual Port(s) | Assignee: | Vsevolod Stakhov <vsevolod> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | pi | ||||
| Priority: | --- | Flags: | pi:
maintainer-feedback+
|
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| URL: | https://bugs.exim.org/show_bug.cgi?id=2449 | ||||||
| Attachments: |
|
||||||
|
Description
Kurt Jaeger
2019-09-29 06:57:00 UTC
A commit references this bug: Author: vsevolod Date: Sun Sep 29 08:33:29 UTC 2019 New revision: 513206 URL: https://svnweb.freebsd.org/changeset/ports/513206 Log: - Update to 4.92.3 to fix CVE-2019-16928 PR: 240912 Submitted by: pi MFH: 2019Q3 Security: e917caba-e291-11e9-89f1-152fed202bb7 Changes: head/mail/exim/Makefile head/mail/exim/distinfo All done, MFH request is pending for approval. Thanks! According to https://www.freebsd.org/doc/en/articles/committers-guide/ports.html#ports-qa-misc-request-mfh says: The following blanket approvals for merging to the quarterly branches are in effect: [...] Backport of security and reliability fixes which only result in PORTREVISION bumps and no changes to enabled features. for example, adding a patch fixing a buffer overflow. [...] So I think you can just commit that update. One item below my quote the handbook says: Minor version changes that do nothing but fix security or crash-related issues. So, I guess MFH is fine. A commit references this bug: Author: vsevolod Date: Sun Sep 29 09:49:09 UTC 2019 New revision: 513213 URL: https://svnweb.freebsd.org/changeset/ports/513213 Log: MFH: r513206 - Update to 4.92.3 to fix CVE-2019-16928 PR: 240912 Submitted by: pi Security: e917caba-e291-11e9-89f1-152fed202bb7 Approved by: ports-secteam (blanket) Changes: _U branches/2019Q3/ branches/2019Q3/mail/exim/Makefile branches/2019Q3/mail/exim/distinfo |