On 17.05.2021 16:44, Leo Famulari wrote: > On Mon, May 17, 2021 at 12:10:26PM +0200, Taylan Kammer wrote: >> Hi Guix people, >> >> Just wanted to make sure everyone's aware, since we package Exim: >> >> https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server >> >> "Last fall, the Qualys Research Team engaged in a thorough code audit of Exim >> and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be >> exploited remotely. Some of them leading to provide root privileges on the >> remote system. And eleven can be exploited locally with most of them can be >> exploited in either default configuration or in a very common configuration. >> Some of the vulnerabilities can be chained together to obtain a full remote >> unauthenticated code execution and gain root privileges on the Exim Server. >> Most of the vulnerabilities discovered by the Qualys Research Team for e.g. >> CVE-2020-28017 affects all versions of Exim going back all the way to 2004 >> (going back to the beginning of its Git history 17 years ago)." > > Fixed in commit 4ca8a00263 (gnu: Exim: Update to 4.94.2 [security > fixes].) > > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4ca8a002633f5d5c88c689fd41a686b5cdff33ec >
On the same day that article was published, neat! :-) -- Taylan
