Bug 225808 - mail/exim: update 4.90 -> 4.90.1
Summary: mail/exim: update 4.90 -> 4.90.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Vsevolod Stakhov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-10 18:17 UTC by Kurt Jaeger
Modified: 2018-02-10 19:41 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (vsevolod)
pi: merge-quarterly?


Attachments
patch (971 bytes, patch)
2018-02-10 18:17 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer 2018-02-10 18:17:30 UTC
Created attachment 190485 [details]
patch

pending testbuilds
Comment 1 Kurt Jaeger freebsd_committer 2018-02-10 18:27:12 UTC
The update contains a security fix for a possible remote exploit (!), see

http://exim.org/static/doc/security/CVE-2018-6789.txt

and

ftp://ftp.exim.org/pub/exim/exim4/ChangeLog

and

https://lists.exim.org/lurker/message/20180210.180351.bc65dc61.en.html
which says:
The reporter of the bug claims to have a working exploit.

Testbuilds are fine.
Comment 2 Vsevolod Stakhov freebsd_committer 2018-02-10 19:41:36 UTC
I have been working on the fix at the same time. It should be resolved now.