Your message dated Sat, 10 Feb 2018 18:19:49 +0000
with message-id <e1ekzkb-0001cu...@fasolo.debian.org>
and subject line Bug#890000: fixed in exim4 4.90.1-1
has caused the Debian Bug report #890000,
regarding exim4: CVE-2018-6789: Buffer overflow in an utility function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exim4
Version: 4.90-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for exim4 (actually not
really the details, filing the bug for having a tracking bug in the
BTS).

CVE-2018-6789[0]:
| An issue was discovered in the SMTP listener in Exim 4.90 and earlier.
| By sending a handcrafted message, a buffer overflow may happen in a
| specific function. This can be used to execute code remotely.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
[1] https://exim.org/static/doc/security/CVE-2018-6789.txt

Please adjust the affected versions in the BTS as needed, when the issue
goes public with details and possibly adjust severity.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: exim4
Source-Version: 4.90.1-1

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Feb 2018 13:45:40 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source
Version: 4.90.1-1
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 890000
Description: 
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev  - header files for the Exim MTA (v4) packages
 exim4      - metapackage to ease Exim MTA (v4) installation
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
 exim4 (4.90.1-1) unstable; urgency=high
 .
   * New upstream version, fixing CVE-2018-6789. Closes: #890000
     + Drop 75_*.patch.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
